CVE-2025-69700
Received - Intake
Stack-Based Buffer Overflow in Tenda FH1203 CGI Handler

Publication date: 2026-02-23

Last updated on: 2026-02-24

Assigner: MITRE

Description
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler.
Meta Information
Published: 2026-02-23
Last Modified: 2026-02-24
Generated: 2026-05-07
AI Q&A: 2026-02-23
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
tenda | fh1203_firmware | 2.0.1.6
CWE ID | Description
CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-69700 is a stack-based buffer overflow vulnerability found in the Tenda FH1203 router's firmware version V2.0.1.6. The flaw exists in the function modify_add_client_prio, which is called via the SetClientPrio CGI handler.

In this function, user-controlled parameters ip and mac are obtained without any length validation and then concatenated into a fixed-size stack buffer using sprintf. Because there is no bounds checking, supplying overly long ip and/or mac values can overflow the buffer.

An attacker can exploit this remotely by sending a crafted HTTP request with specific parameters to the SetClientPrio CGI endpoint, potentially causing a denial of service or even arbitrary code execution. [1]


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker to remotely cause a denial of service on your Tenda FH1203 router, leading to crashes or reboots.

More severely, it may allow an attacker to execute arbitrary code on the device, potentially compromising the router and any network it protects.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring HTTP requests sent to the SetClientPrio CGI endpoint on the Tenda FH1203 router firmware V2.0.1.6. Specifically, look for requests where the parameter op is not equal to 0 and the ip and/or mac parameters contain unusually long values that could trigger the stack-based buffer overflow.

To detect potential exploitation attempts, you can use network monitoring tools or packet capture utilities to filter HTTP requests targeting the SetClientPrio CGI handler and inspect the length of the ip and mac parameters.

- Use tcpdump or Wireshark to capture HTTP traffic to the router and filter for requests to "/cgi-bin/SetClientPrio".
- Example tcpdump command: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'SetClientPrio'
- Inspect captured HTTP GET or POST requests for parameters op (not equal to 0), and check if ip or mac parameters have abnormally long strings.

[1]
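
The parameter-length inspection described above, as an added example (not code from the original page or from the vendor). It assumes the "/cgi-bin/SetClientPrio" path given above and, since the page does not state the buffer size, uses the longest well-formed IPv4 and MAC strings (15 and 17 characters) as thresholds; inspect_request, LIMITS and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed limits: the longest well-formed values, not the firmware's buffer size.
LIMITS = {"ip": 15, "mac": 17}   # "255.255.255.255", "aa:bb:cc:dd:ee:ff"
REQUEST_LINE = re.compile(r"^(GET|POST) (\S+) HTTP/1\.[01]$")

def inspect_request(raw):
    """Return findings for one raw HTTP request ([] if benign or unrelated)."""
    head, _, body = raw.partition("\r\n\r\n")
    m = REQUEST_LINE.match(head.split("\r\n", 1)[0])
    if not m or "SetClientPrio" not in urlsplit(m.group(2)).path:
        return []
    # Parameters can arrive in the query string (GET) or the form body (POST);
    # parse_qs percent-decodes them, so lengths are measured after decoding.
    params = parse_qs(urlsplit(m.group(2)).query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    ops = params.get("op", [])
    if ops and all(v == "0" for v in ops):
        return []   # the page singles out op != 0; a missing op is treated as suspect
    return [f"{name} length {len(v)} exceeds {limit}"
            for name, limit in LIMITS.items()
            for v in params.get(name, []) if len(v) > limit]

# Constructed sample requests (not captured traffic).
SAMPLES = [
    "POST /cgi-bin/SetClientPrio HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"
    "op=1&ip=192.168.0.50&mac=aa:bb:cc:dd:ee:ff",
    "POST /cgi-bin/SetClientPrio HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"
    "op=1&ip=" + "1" * 300 + "&mac=aa:bb:cc:dd:ee:ff",
    "GET /cgi-bin/SetClientPrio?op=2&ip=10.0.0.5&mac=" + "b" * 64 + " HTTP/1.1\r\n"
    "Host: 192.168.0.1\r\n\r\n",
    "GET /cgi-bin/SetClientPrio?op=0&ip=10.0.0.5&mac=" + "b" * 64 + " HTTP/1.1\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.split("\r\n", 1)[0][:60], "->", inspect_request(sample) or "ok")
```

The same function can be fed requests reassembled from a packet capture or a reverse-proxy log; tune LIMITS if legitimate clients on your network send other formats.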


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the SetClientPrio CGI handler to trusted networks or devices only, to prevent remote attackers from sending malicious requests.

Additionally, monitor router logs and network traffic for suspicious requests targeting the SetClientPrio endpoint with unusual parameter lengths.

If possible, update the router firmware to a version that patches this vulnerability once it becomes available from the vendor.

As a temporary workaround, consider disabling the CGI handler or applying firewall rules to block HTTP requests containing the SetClientPrio path.

