CVE Details
Basic Information
| Title | Tenda FH451 POST Request WizardHandle fromWizardHandle buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-07-17T17:14:09.386Z |
| Modified | 2025-07-17T17:14:09.386Z |
Product Information
| Vendor | Tenda |
|---|---|
| Product | FH451 |
| Version | 1.0.0.9 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A critical buffer overflow vulnerability in Tenda FH451 version 1.0.0.9 allows remote attackers to execute arbitrary code via a crafted POST request to /goform/WizardHandle, potentially leading to full system compromise without requiring authentication. |
|---|---|
| AI Severity | High |
| AI Vendor | Tenda |
| AI Product | Tenda FH451 |
| AI Version | 1.0.0.9 |
Affected Products
- Tenda FH451 1.0.0.9
Additional Information
| CWE List | CWE-120, CWE-119 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. The manipulation of the argument PPW leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.