CNNVD-202512-3875 Information

Dec 21, 2025 cve

CNNVD ID

CNNVD-202512-3875

CVE-2025-14994

CNNVD Published: 2025-12-21

Description (Chinese)

Tenda FH1206和Tenda FH1201都是中国腾达（Tenda）公司的一款无线路由器。 Tenda FH1206和Tenda FH1201 1.2.0.14(408)版本和1.2.0.8(8155)版本存在安全漏洞，该漏洞源于组件HTTP Request Handler中文件/goform/webtypelibrary的strcat函数对参数webSiteId处理不当，可能导致栈缓冲区溢出。

Description (English)

Tenda FH 1206 and Tenda FH 1201 are both Tenda ’ s wireless routers. There is a security loophole between Tenda FH1206 and Tenda FH1201 1.2.0.14 (408) and 1.2.0.8 (8155), which stems from the inappropriate handling of parameters by webSiteId of the stcat function in component HTTP Request Handler.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

腾达

Published

2025-12-21

Last Modified

2026-02-24

References

https://vuldb.com/?submit.719153 https://www.tenda.com.cn/ https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1206/webtyplibrary/webtypelibrary.md https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1201/webtyplibrary/webtypelibrary.md https://vuldb.com/?ctiid.337688 https://vuldb.com/?submit.719155 https://vuldb.com/?id.337688 https://access.redhat.com/security/cve/cve-2025-14994

Share on: