CVE-2025-15007
Remote Stack-Based Buffer Overflow in Tenda WH450 HTTP Handler
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | wh450 | 1.0.0.18 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15007 is a critical stack-based buffer overflow vulnerability in the Tenda WH450 router version 1.0.0.18. It exists in the HTTP Request Handler component at the /goform/L7Im endpoint. By manipulating the 'page' argument with crafted input, an attacker can trigger a stack-based buffer overflow remotely without authentication. This flaw allows attackers to execute arbitrary code or cause denial of service conditions on the device. [2, 3]
How can this vulnerability impact me? :
This vulnerability can severely impact you by allowing remote attackers to execute arbitrary code on the affected device or cause denial of service (DoS). This compromises the confidentiality, integrity, and availability of the device, potentially leading to unauthorized control, disruption of network services, or further exploitation within your network. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the /goform/L7Im endpoint on the Tenda WH450 router, specifically looking for unusually long or crafted inputs in the "page" parameter that could trigger the stack-based buffer overflow. Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on such suspicious requests. Additionally, manual testing can be performed by sending crafted HTTP requests with long "page" parameters to the endpoint to check for abnormal behavior or crashes. Specific commands could include using curl or similar tools to send such requests, for example: curl -X POST http://<router-ip>/goform/L7Im -d "page=$(python -c 'print("A"*1000)')". However, no official detection scripts or signatures are provided in the resources. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Tenda WH450 device with an alternative product, as no known countermeasures or patches currently exist. It is recommended to isolate the vulnerable device from untrusted networks to reduce exposure. Network administrators should monitor for exploit attempts and consider implementing network-level protections such as blocking access to the /goform/L7Im endpoint or filtering suspicious HTTP requests. Since the exploit is publicly available and easy to execute remotely without authentication, urgent action is advised. [2]