CVE-2025-5080
Critical vulnerability found in Tenda FH451 1.0.0.9 leading to stack-based buffer overflow.
Overview
A critical vulnerability has been discovered in Tenda FH451 1.0.0.9. It affects the function webExcptypemanFilter and allows for stack-based buffer overflow. The vulnerability is exploitable remotely, and the exploit has been disclosed publicly, increasing its potential impact.
Technical Details
The vulnerability involves the manipulation of the argument page in the function webExcptypemanFilter of the file '/goform/webExcptypemanFilter'. This leads to a stack-based buffer overflow - a type of overflow error where excessive data leads to overwriting in the stack.
CVSS Metrics
- CVSS Base Score: 8.7
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: LOW
- User Interaction: NONE
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Impact
Due to this vulnerability, the attacker can launch an attack remotely, compromising the system's confidentiality, integrity, and availability.
Recommendations
The users of the affected version should update their systems to the latest version or apply patches released by the vendor. Regular updating and patching of the system is recommended.
Threat Metrics
- "cvss_score": 8.7
- "severity": HIGH
- "attack_vector": NETWORK
- "attack_complexity": LOW
- "privileges_required": LOW
- "user_interaction": NONE
- "confidentiality_impact": HIGH
- "integrity_impact": HIGH
- "availability_impact": HIGH