CVE-2025-15008

HighPublic PoC

Published: 22 December 2025

Published

22 December 2025

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0011 28.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated…

remotely. The exploit is now public and may be used.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the stack-based buffer overflow vulnerability by requiring timely application of vendor firmware patches or updates for the affected Tenda WH450 router.

SI-10 Information Input Validation good match

prevent

Prevents exploitation of the buffer overflow by enforcing validation of the 'page' argument in HTTP requests to the /goform/L7Port endpoint, restricting operations within memory bounds.

SI-16 Memory Protection good match

prevent

Mitigates stack-based buffer overflow exploits through memory protections such as stack canaries, ASLR, and DEP, limiting unauthorized code execution from the overflow.

Security SummaryAI

CVE-2025-2025-15008 is a stack-based buffer overflow vulnerability affecting the Tenda WH450 router on firmware version 1.0.0.18. The flaw exists in an unknown part of the /goform/L7Port file within the HTTP Request Handler component, where manipulation of the "page" argument triggers the overflow. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), and carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), rating it as high severity.

The vulnerability enables remote exploitation without authentication or user interaction. An attacker can send a crafted HTTP request to the affected endpoint, causing a stack-based buffer overflow that may lead to limited impacts on confidentiality, integrity, and availability, such as partial data disclosure, modification, or denial of service.

Advisories and references, including VulDB entries (vuldb.com/?ctiid.337714, vuldb.com/?id.337714) and a public proof-of-concept on GitHub (github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/L7Prot/L7Prot.md), detail the issue and provide reproduction steps. The exploit is publicly available and may be used, as noted in the CVE description published on 2025-12-22. No specific patches or mitigations are mentioned in the available information.

Details

CWE(s): CWE-119 CWE-121

Affected Products

tenda

wh450 firmware

1.0.0.18

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Stack-based buffer overflow in the unauthenticated, public-facing HTTP handler (/goform/L7Port) enables remote exploitation of a public-facing application.

References

https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/L7Prot/L7Prot.md
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/L7Prot/L7Prot.md#reproduce
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.337714
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.337714
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.719317
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com