CVE-2025-14995

Name of the Vulnerable Software and Affected Versions Tenda FH1201 version 1.2.0.14(408)

Description A stack-based buffer overflow exists in the sprintf function within the /goform/SetIpBind file of the Tenda FH1201 router. Manipulation of the page argument can trigger this issue, allowing for remote exploitation. The exploit for this issue has been publicly disclosed and is potentially being used in attacks. Recent reports indicate increased actor activity targeting this vulnerability.

Recommendations Restrict access to the /goform/SetIpBind endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.