Cyber Posture

CVE-2025-14994

High · Public PoC

Published: 21 December 2025

Modified: 31 December 2025
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0017 (37.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: SI-10 requires validation of the webSiteId input argument to prevent stack-based buffer overflows from improper strcat usage in the HTTP request handler.

Prevent: SI-16 enforces memory protections like stack canaries, ASLR, and DEP to mitigate exploitation of the stack-based buffer overflow vulnerability.

Prevent: SI-2 mandates timely flaw remediation through firmware patching to address the specific buffer overflow in Tenda FH1201/FH1206 routers.
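
The SI-10 control above, sketched as an added example (this is not Tenda firmware code, which the page does not show): a webSiteId validator plus a bounded replacement for the unchecked strcat. The buffer size, the ID length limit, the digits-only rule, the "webtype_" prefix and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical limits: the page does not state the real buffer size. */
#define LIB_KEY_MAX 64
#define SITE_ID_MAX 16

/* Accept only a non-empty, digits-only ID of at most SITE_ID_MAX chars
 * (assumed format). Stops scanning as soon as the limit is exceeded. */
int site_id_is_valid(const char *id)
{
    size_t n = 0;
    if (id == NULL)
        return 0;
    while (n <= SITE_ID_MAX && id[n] != '\0') {
        if (!isdigit((unsigned char)id[n]))
            return 0;
        n++;
    }
    return n > 0 && n <= SITE_ID_MAX;
}

/* Bounded strcat: appends src only if the result, including the NUL,
 * fits in dst_size. Returns 0 on success, -1 otherwise (dst unchanged). */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    size_t used, add = strlen(src);
    if (end == NULL)
        return -1;                 /* dst is not terminated inside its buffer */
    used = (size_t)(end - dst);
    if (add >= dst_size - used)
        return -1;                 /* would overflow: refuse, do not truncate */
    memcpy(dst + used, src, add + 1);
    return 0;
}

/* Handler-side use: validate first, then build "webtype_<id>" in out. */
int build_library_key(char *out, size_t out_size, const char *web_site_id)
{
    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (!site_id_is_valid(web_site_id))
        return -1;                 /* reject the request instead of copying */
    if (bounded_append(out, out_size, "webtype_") != 0)
        return -1;
    return bounded_append(out, out_size, web_site_id);
}
```

Rejecting oversized input outright, rather than silently truncating it, keeps the handler's behaviour predictable and gives the device a clear event to log.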

Security Summary [AI]

CVE-2025-14994 is a stack-based buffer overflow in a strcat call reached through the /goform/webtypelibrary endpoint of the HTTP Request Handler component. It affects Tenda FH1201 and FH1206 routers running firmware versions 1.2.0.14(408) and 1.2.0.8(8155). The overflow is triggered by manipulation of the webSiteId argument and is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), such as an authenticated user on the network. Exploitation involves sending a crafted HTTP request to the vulnerable endpoint, triggering the buffer overflow. Successful exploitation has a high impact on confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data theft, or denial of service on the affected router.

References include proof-of-concept exploits published on GitHub for both Tenda FH1201 and FH1206 models, detailing the buffer overflow in the webtypelibrary function. VulDB entries document the issue but do not specify patches or vendor mitigations in the provided information. The public availability of exploits increases the risk of real-world attacks.

Details

CWE(s)

Affected Products

tenda · fh1201 firmware · 1.2.0.14(408)
tenda · fh1206 firmware · 1.2.0.8(8155)

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Remote stack-based buffer overflow in router HTTP handler (/goform/webtypelibrary) enables exploitation of public-facing web applications and remote services for potential RCE.

References