CVE-2025-14665

CriticalPublic PoC

Published: 14 December 2025

Published

14 December 2025

Modified

24 February 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0019 40.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be…

executed remotely. The exploit has been released to the public and may be used for attacks.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Validates the 'page' argument in HTTP requests to /goform/DhcpListClient, preventing stack-based buffer overflows from malformed or oversized inputs.

SI-16 Memory Protection good match

prevent

Provides runtime memory protections like stack canaries, DEP, and ASLR to block exploitation of the stack-based buffer overflow vulnerability.

SI-2 Flaw Remediation good match

prevent

Ensures timely flaw remediation through patching or mitigation of the buffer overflow in the Tenda WH450 firmware's HTTP request handler.

Security SummaryAI

CVE-2025-14665 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121) in Tenda WH450 firmware version 1.0.0.18. The issue affects an unknown function in the /goform/DhcpListClient file within the HTTP Request Handler component, where manipulation of the "page" argument triggers the overflow. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-12-14.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution on the affected device.

Advisories reference a publicly available proof-of-concept exploit on GitHub, including reproduction instructions, hosted at https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/DhcpListClient/DhcpListClient.md. Additional details are provided on VulDB (https://vuldb.com/?ctiid.336397, https://vuldb.com/?id.336397, https://vuldb.com/?submit.714400). No vendor patches are mentioned in the available references.

The exploit has been released to the public and may be used for attacks, increasing the risk of real-world exploitation against unpatched Tenda WH450 devices.

Details

CWE(s): CWE-119 CWE-121

Affected Products

tenda

wh450 firmware

1.0.0.18

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Unauthenticated stack-based buffer overflow in public-facing HTTP endpoint (/goform/DhcpListClient) on Tenda WH450 router enables remote code execution via exploitation of public-facing application.

References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/DhcpListClient/DhcpListClient.md
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/DhcpListClient/DhcpListClient.md#reproduce
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.336397
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.336397
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.714400
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.719220
cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com