CVE-2025-15163 – This vulnerability in Tenda WH450 routers allow... (How to Fix)

📋 TL;DR

This vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the SafeEmailFilter functionality. Attackers can exploit this without authentication to potentially take full control of affected devices. All users running Tenda WH450 firmware version 1.0.0.18 are affected.

💻 Affected Systems

Products:

Tenda WH450

Versions: 1.0.0.18

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this firmware version are vulnerable by default

📦 What is this software?

Wh450 Firmware by Tenda

View all CVEs affecting Wh450 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network infiltration, and persistent backdoor installation

🟠

Likely Case

Device takeover enabling network traffic interception, credential theft, and lateral movement within the network

🟢

If Mitigated

Denial of service or device crash if exploit fails or protections are in place

🌐 Internet-Facing: HIGH - Exploitable remotely without authentication, public exploit available

🏢 Internal Only: HIGH - Even internal attackers can exploit this vulnerability

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available on GitHub, making exploitation straightforward for attackers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. If update available, download and install via router admin interface
3. Reboot router after installation

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to vulnerable interface

Access router admin panel → Security → Disable Remote Management

Network segmentation

all

Isolate affected routers from critical network segments

🧯 If You Can't Patch

Replace affected devices with patched or different models
Implement strict network access controls and firewall rules to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface (typically under System Status or About)

Check Version:

Check via router web interface or SSH if enabled: cat /proc/version or show version commands

Verify Fix Applied:

Verify firmware version is no longer 1.0.0.18 after update

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/SafeEmailFilter
Router crash/reboot logs
Memory corruption errors

Network Indicators:

Malformed HTTP requests to router management interface
Suspicious traffic patterns to port 80/443 of router

SIEM Query:

source="router_logs" AND (uri="/goform/SafeEmailFilter" OR message="buffer overflow" OR message="segmentation fault")

📊 Metadata

CVE ID: CVE-2025-15163

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.14% exploit probability (34th percentile)

Published: December 29, 2025

Last Updated: December 30, 2025

🔗 References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/SafeEmailFilter/SafeEmailFilter.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.338538 Permissions Required,VDB Entry
https://vuldb.com/?id.338538 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.721214 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15163, you might also want to check these: