CVE-2025-44895

6.5 MEDIUM

📋 TL;DR

This CVE describes a stack-based buffer overflow in the web management interface of the FW-WGS-804HPT router (firmware v1.305b241111). An oversized value in the ipv4Aclkey parameter of the web_acl_ipv4BasedAceAdd handler overflows a stack buffer, so an attacker who can reach the interface can crash the HTTP daemon (denial of service) or, with a crafted payload, potentially execute code on the device. Only this router model on this firmware version is known to be affected.

💻 Affected Systems

Products:
  • FW-WGS-804HPT router
Versions: v1.305b241111
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects this specific firmware version. The web management interface must be enabled and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with root privileges, allowing complete device takeover and lateral movement into connected networks.

🟠 Likely Case

Denial of service: the crafted request crashes the web server process or the whole router, disrupting management and network connectivity until the device reboots or is manually power-cycled.

🟢 If Mitigated

Limited impact if network segmentation isolates the router and web interface access is restricted to trusted hosts.

🌐 Internet-Facing: HIGH - The vulnerability is in the web management interface which is often exposed to the internet for remote administration.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The blog post referenced by the CVE gives enough technical detail (vulnerable endpoint, parameter and crash behaviour) to build an exploit from. Stack overflows in the web handlers of embedded devices are routinely weaponized because the binaries rarely ship with stack canaries or other mitigations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check the vendor website for a firmware release later than v1.305b241111 whose release notes reference this issue. No fixed version is listed here, so confirm the fix rather than assuming any newer build is patched.
2. Download the latest firmware and verify its checksum if the vendor publishes one.
3. Back up the current configuration.
4. Upload the new firmware via the web interface.
5. Reboot the router.
6. Restore the configuration if needed and confirm the running version with 'show version'.

🔧 Temporary Workarounds

Disable web management interface (applies to: all versions)

Prevent access to the vulnerable web interface component entirely; management remains available over the CLI.

1. Access the router CLI via SSH/Telnet
2. Navigate to the web interface settings
3. Disable HTTP/HTTPS management

Restrict web interface access (applies to: all versions)

Limit which IP addresses can reach the management interface.

1. Configure firewall rules to allow only trusted administrator IPs to ports 80/443
2. Set up a VPN for management access so the interface is never reachable directly

🧯 If You Can't Patch

  • Segment the router on isolated network VLAN
  • Implement strict network ACLs to block external access to port 80/443

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface: System > Firmware or via CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Confirm that the running firmware is a version the vendor identifies as fixing this CVE; a version string that merely differs from v1.305b241111 is not proof of a fix. Then test that the ACL pages of the web interface still function.

📡 Detection & Monitoring

Log Indicators:

  • Repeated POST requests to /web_acl_ipv4BasedAceAdd from a single source, especially from outside the management network
  • ipv4Aclkey values far longer than any legitimate ACL key, or containing non-printable bytes
  • Router crash/reboot logs

Network Indicators:

  • Unusual traffic to router management port 80/443
  • Large HTTP POST requests with crafted ipv4Aclkey values

SIEM Query:

source="router_logs" AND (uri="/web_acl_ipv4BasedAceAdd" OR parameter="ipv4Aclkey")
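The indicators above can be checked mechanically. The following is an added example, not code from the advisory, the vendor or the referenced blog post: it parses raw HTTP/1.1 requests (as a network tap, reverse proxy or IDS could supply them) and alerts on POSTs to /web_acl_ipv4BasedAceAdd whose decoded ipv4Aclkey value exceeds a length threshold, or that arrive repeatedly from one source. The request format, the other form field names (aclName, action), the sample addresses and the 64-byte and 3-request thresholds are assumptions; only the endpoint and parameter names come from the page.

```python
"""Flag exploitation attempts against the ACL endpoint named in CVE-2025-44895.

Added example (not the advisory's, vendor's or blog post's code). The log
format, sample traffic and thresholds are constructed assumptions.
"""
from collections import Counter
from urllib.parse import parse_qs

VULN_PATH = "/web_acl_ipv4BasedAceAdd"
VULN_PARAM = "ipv4Aclkey"
# Assumption: a legitimate ipv4Aclkey is a short token. The real field width
# is not published, so 64 bytes is a conservative starting threshold.
MAX_KEY_LEN = 64
# POSTs to VULN_PATH from one source before a burst alert is raised (assumed).
BURST_THRESHOLD = 3


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, path, headers, body).

    Returns None for anything that is not a well-formed request. The body is
    cut at Content-Length so bytes of a pipelined follow-up request are ignored.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return None
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    try:
        length = int(headers.get("content-length", len(body)))
    except ValueError:
        return None
    path = target.split(b"?", 1)[0].decode("latin-1")
    return method.decode("latin-1"), path, headers, body[:length]


def check_request(src_ip: str, raw: bytes):
    """Return (targets_endpoint, alert) for one request.

    targets_endpoint is True for any POST to VULN_PATH. alert is a dict when the
    ipv4Aclkey value exceeds MAX_KEY_LEN, else None. Length is measured after
    percent-decoding, which is what the device's handler would receive.
    """
    parsed = parse_http_request(raw)
    if parsed is None:
        return False, None
    method, path, _headers, body = parsed
    if method != "POST" or path != VULN_PATH:
        return False, None
    form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    longest = max((len(v) for v in form.get(VULN_PARAM, [])), default=0)
    if longest > MAX_KEY_LEN:
        return True, {"src": src_ip, "reason": "oversized_ipv4Aclkey", "length": longest}
    return True, None


def analyze_requests(records, burst_threshold=BURST_THRESHOLD):
    """records: iterable of (src_ip, raw_request_bytes). Returns a list of alerts."""
    alerts = []
    posts_per_src = Counter()
    for src_ip, raw in records:
        targets_endpoint, alert = check_request(src_ip, raw)
        if alert:
            alerts.append(alert)
        if targets_endpoint:
            posts_per_src[src_ip] += 1
            if posts_per_src[src_ip] == burst_threshold:
                alerts.append({"src": src_ip, "reason": "burst_to_acl_endpoint",
                               "count": burst_threshold})
    return alerts


def _post(body: bytes) -> bytes:
    """Build a minimal form POST to the vulnerable endpoint (constructed sample)."""
    return (b"POST " + VULN_PATH.encode() + b" HTTP/1.1\r\n"
            b"Host: 192.0.2.1\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed traffic: one benign ACL add from an admin host, three oversized
# values from one outside address (the second is percent-encoded, the third
# also trips the burst rule), and an unrelated GET. aclName/action are guesses.
SAMPLE_TRAFFIC = [
    ("10.0.100.5", _post(b"aclName=office&ipv4Aclkey=10.0.0.0&action=permit")),
    ("203.0.113.9", _post(b"aclName=x&ipv4Aclkey=" + b"A" * 600 + b"&action=permit")),
    ("203.0.113.9", _post(b"aclName=x&ipv4Aclkey=" + b"%41" * 300 + b"&action=permit")),
    ("203.0.113.9", _post(b"aclName=x&ipv4Aclkey=" + b"C" * 600 + b"&action=permit")),
    ("10.0.100.5", b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in analyze_requests(SAMPLE_TRAFFIC):
        print(alert)
```

Running the sample yields three oversized-value alerts and one burst alert for 203.0.113.9, and nothing for the admin host. The length is taken after percent-decoding so an attacker cannot hide a long payload behind `%41`-style encoding; tune MAX_KEY_LEN after observing what legitimate ACL adds on your device actually look like.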
