Login Sign Up

CVE-2025-7792

8.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

A critical stack-based buffer overflow vulnerability in Tenda FH451 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the formSafeEmailFilter function. This affects Tenda FH451 routers running firmware version 1.0.0.9. Attackers can exploit this without authentication to potentially take full control of affected devices.

💻 Affected Systems

Products:
  • Tenda FH451
Versions: 1.0.0.9
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Fh451 Firmware by Tenda

View all CVEs affecting Fh451 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, creation of persistent backdoors, lateral movement to internal networks, and data exfiltration.

🟠

Likely Case

Remote code execution allowing attackers to modify device configuration, intercept network traffic, or use the device as a pivot point for further attacks.

🟢

If Mitigated

Denial of service or temporary disruption if exploit fails or is detected by security controls.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication on internet-facing devices.
🏢 Internal Only: MEDIUM - Internal devices could be exploited by attackers who have gained initial network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exploit code is available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates
2. If update available, download and flash firmware
3. Reboot router after update
4. Verify firmware version is no longer 1.0.0.9

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to router management interface

Network segmentation

all

Isolate router management interface to internal network only

🧯 If You Can't Patch

  • Replace affected devices with patched or different models
  • Implement strict network access controls to limit exposure to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router web interface or use command 'cat /proc/version' via SSH/Telnet if enabled to verify firmware version is 1.0.0.9

Check Version:

Login to router web interface and check firmware version in system settings

Verify Fix Applied:

Verify firmware version is no longer 1.0.0.9 after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/SafeEmailFilter with manipulated page parameter
  • Router crash/reboot logs
  • Unusual process execution

Network Indicators:

  • HTTP POST requests to router IP on port 80/443 targeting /goform/SafeEmailFilter with abnormal page parameter values

SIEM Query:

source="router_logs" AND (uri="/goform/SafeEmailFilter" OR process="formSafeEmailFilter")

📊 Metadata

CVE ID: CVE-2025-7792
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119
EPSS Score: 0.37% exploit probability (58.4th percentile)
Published: July 18, 2025
Last Updated: July 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7792, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)