CVE-2025-1851

CVE-2025-1851 is a critical stack-based buffer overflow vulnerability affecting Tenda AC7 routers running firmware versions up to 15.03.06.44. The issue resides in the formSetFirewallCfg function within the /goform/SetFirewallCfg endpoint, where manipulation of the firewallEn argument triggers the overflow. Classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on March 3, 2025.

The vulnerability enables remote exploitation by low-privileged users (PR:L), requiring no user interaction and low attack complexity over the network. Successful exploitation allows attackers to achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution, denial of service, or full compromise of the affected device.

Advisories from VulDB and a public GitHub repository detail the vulnerability, including a disclosed exploit in the Raining-101/IOT_cve project targeting the specific firmware version. No vendor patch is referenced in available sources, though the Tenda website is listed for potential firmware updates. Security practitioners should isolate affected devices and monitor for exploitation attempts given the public PoC availability.

The exploit has been publicly disclosed and may be actively used, increasing risk for unpatched Tenda AC7 deployments in home or small office environments.