CVE-2025-6112 – A critical buffer overflow vulnerability in Ten... (How to Fix)

Q: What is the severity of CVE-2025-6112?

CVE-2025-6112 has a CVSS score of 8.8 (HIGH). A critical buffer overflow vulnerability in Tenda FH1205 routers allows remote attackers to execute arbitrary code by manipulating the lanMask parameter in the fromadvsetlanip function. This affects Tenda FH1205 routers running firmware version 2.0.0.7. Attackers can exploit this without authentication to potentially take full control of affected devices.

📋 TL;DR

A critical buffer overflow vulnerability in Tenda FH1205 routers allows remote attackers to execute arbitrary code by manipulating the lanMask parameter in the fromadvsetlanip function. This affects Tenda FH1205 routers running firmware version 2.0.0.7. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:

Tenda FH1205

Versions: 2.0.0.7

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Fh1205 Firmware by Tenda

View all CVEs affecting Fh1205 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, lateral movement into internal networks, persistent backdoor installation, and botnet recruitment.

🟠

Likely Case

Remote code execution allowing attackers to reconfigure the router, intercept network traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access, though internal threats could still exploit it.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details have been publicly disclosed, making weaponization highly probable. The vulnerability requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check Tenda's official website for firmware updates. 2. Download the latest firmware for FH1205. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply the new firmware. 6. Reboot the router.

🔧 Temporary Workarounds

Disable remote administration

all

Prevent external access to the vulnerable interface by disabling remote administration features.

Network segmentation

all

Isolate affected routers in a separate network segment with strict firewall rules.

🧯 If You Can't Patch

Replace affected devices with patched or alternative models
Implement strict network access controls to limit exposure to the vulnerable interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is 2.0.0.7, the device is vulnerable.

Check Version:

Check via router web interface or SSH if available: cat /proc/version or similar firmware version commands

Verify Fix Applied:

After firmware update, verify the version is no longer 2.0.0.7 and test that the /goform/AdvSetLanip endpoint properly validates input.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/AdvSetLanip with malformed lanMask parameters
Router crash or reboot logs
Unusual configuration changes

Network Indicators:

Exploit traffic patterns to router's web interface on port 80/443
Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (uri="/goform/AdvSetLanip" AND (lanMask CONTAINS "malformed_pattern" OR request_size > threshold))

📊 Metadata

CVE ID: CVE-2025-6112

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.14% exploit probability (34th percentile)

Published: June 16, 2025

Last Updated: July 18, 2025

🔗 References

https://lavender-bicycle-a5a.notion.site/Tenda-FH1205-fromadvsetlanip-20b53a41781f80bf850ff39f88ad7f2b?source=copy_link Exploit,Third Party Advisory
https://vuldb.com/?ctiid.312581 Permissions Required,VDB Entry
https://vuldb.com/?id.312581 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.592472 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-6112, you might also want to check these: