CVE-2025-7795 – A critical stack-based buffer overflow vulnerab... (How to Fix)

Q: What is the severity of CVE-2025-7795?

CVE-2025-7795 has a CVSS score of 8.8 (HIGH). A critical stack-based buffer overflow vulnerability in Tenda FH451 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fromP2pListFilter function. This affects Tenda FH451 routers running firmware version 1.0.0.9. Successful exploitation could lead to complete device compromise.

📋 TL;DR

A critical stack-based buffer overflow vulnerability in Tenda FH451 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fromP2pListFilter function. This affects Tenda FH451 routers running firmware version 1.0.0.9. Successful exploitation could lead to complete device compromise.

💻 Affected Systems

Products:

Tenda FH451

Versions: 1.0.0.9

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface which is typically accessible on LAN and sometimes exposed to WAN.

📦 What is this software?

Fh451 Firmware by Tenda

View all CVEs affecting Fh451 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, credential theft, network pivoting, and persistent backdoor installation.

🟠

Likely Case

Router compromise allowing attacker to intercept network traffic, modify DNS settings, or disable security features.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access and regular patching is performed.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available, remote exploitation without authentication, simple buffer overflow technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check Tenda website for firmware updates 2. Download latest firmware 3. Access router admin interface 4. Navigate to firmware upgrade section 5. Upload and apply new firmware 6. Reboot router

🔧 Temporary Workarounds

Disable Remote Management

all

Prevent WAN access to router management interface

Network Segmentation

all

Isolate router management interface to separate VLAN

🧯 If You Can't Patch

Replace affected router with different model or vendor
Implement strict firewall rules blocking all WAN access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is 1.0.0.9, device is vulnerable.

Check Version:

Login to router admin interface and check System Status or Firmware Version page

Verify Fix Applied:

Verify firmware version has changed from 1.0.0.9 to a newer version after update.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/P2pListFilter
Multiple failed buffer overflow attempts
Sudden router reboots or crashes

Network Indicators:

Unusual traffic patterns to router management port
Exploit strings in HTTP requests to router

SIEM Query:

source="router_logs" AND (uri="/goform/P2pListFilter" OR message="buffer overflow")

📊 Metadata

CVE ID: CVE-2025-7795

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 10.93% exploit probability (93.2th percentile)

Published: July 18, 2025

Last Updated: July 23, 2025

🔗 References

https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromP2pListFilter.md Exploit,Third Party Advisory
https://github.com/panda666-888/vuls/blob/main/tenda/fh451/fromP2pListFilter.md#poc Exploit,Third Party Advisory
https://vuldb.com/?ctiid.316856 Permissions Required
https://vuldb.com/?id.316856 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.616344 Third Party Advisory,VDB Entry
https://www.tenda.com.cn/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7795, you might also want to check these: