CVE-2025-6111
BaseFortify
Publication date: 2025-06-16
Last updated on: 2025-06-17
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | fh1205_firmware | 2.0.0.7\(775\) |
| tenda | fh1205 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6111 is a critical stack-based buffer overflow vulnerability in the Tenda FH1205 router firmware version 2.0.0.7(775). It occurs in the fromVirtualSer function of the /goform/VirtualSer endpoint due to improper handling of the 'page' parameter. When an attacker manipulates this parameter with crafted input, it causes a stack-based buffer overflow, which can lead to arbitrary code execution or system compromise. The vulnerability can be exploited remotely without authentication. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing remote attackers to execute arbitrary code on the affected device or cause a denial of service by crashing the router. It compromises the confidentiality, integrity, and availability of the device, potentially leading to system takeover or disruption of network services. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring network traffic for requests to the /goform/VirtualSer endpoint with suspicious or unusually long 'page' parameter values that could trigger the buffer overflow. Since the vulnerability involves a stack-based buffer overflow via the 'page' argument, commands like curl or wget can be used to send crafted requests to the router to test for vulnerability. For example, using curl: curl -v http://<router-ip>/goform/VirtualSer?page=<long_or_malicious_payload>. Additionally, network intrusion detection systems (NIDS) can be configured to alert on such anomalous HTTP requests targeting this endpoint. However, no specific detection commands or signatures are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Tenda FH1205 router running firmware version 2.0.0.7(775) with an alternative device, as no known mitigations or patches are currently available. Limiting remote access to the router's management interface and blocking access to the /goform/VirtualSer endpoint via firewall rules may reduce exposure. Monitoring for exploit attempts and isolating vulnerable devices from untrusted networks are also recommended. [2]