CVE-2025-7855 HIGH

CVE-2025-7855: Tenda FH451 qossetting fromqossetting stack-based overflow

Vendor Tenda
Product FH451
Weakness CWE-121
Published July 19, 2025
Last update July 22, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely.

Key dates

02Disclosure timeline

July 19, 2025 CVE published
July 22, 2025 Record updated