CVE-2025-14994
published 2025-12-21CVE-2025-14994: A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the…
high7.4CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEPCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenda | fh1201 | — | — |
| tenda | fh1201 | — | — |
| tenda | fh1201_firmware | — | — |
| tenda | fh1206 | — | — |
| tenda | fh1206 | — | — |
| tenda | fh1206_firmware | — | — |