CVE-2025-15177

HIGH

Tenda Wh450 Firmware - Memory Corruption

Title source: rule

Description

A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC

by yt2w · poc

https://github.com/yt2w/CVE-2025-15177

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory] https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/SetIpBind/SetIpBind.md

[Exploit, Third Party Advisory] https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_WH450/SetIpBind/SetIpBind.md#reproduce

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.338562

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.338562

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.721216

[Product] https://www.tenda.com.cn/

Scores

CVSS v3 7.2

EPSS 0.0013

EPSS Percentile 32.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-121 CWE-119

Status published

Products (1)

tenda/wh450_firmware 1.0.0.18

Published Dec 29, 2025

Tracked Since Feb 18, 2026