Tenda F1202 Firmware

Tenda F1202 1.2.0.20 stack overflow via opttype in /goform/PptpUserAdd
CVE-2026-9431 8.8 - High - May 25, 2026

A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.

Stack Overflow

Tenda F1202 1.2.0.20 Buffer Overflow in formGstDhcpSetSer (remote)
CVE-2026-9430 8.8 - High - May 25, 2026

A vulnerability was determined in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Stack Overflow

Stack overflow in Tenda F1202 1.2.0.20(408) formWrlExtraSet
CVE-2026-9429 8.8 - High - May 25, 2026

A vulnerability was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Performing a manipulation of the argument delno results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Stack Overflow

Stack Overflow in Tenda F1202 1.2.0.20 via PPTPUserSetting
CVE-2026-9428 8.8 - High - May 25, 2026

A vulnerability has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Stack Overflow

Tenda F1202 1.2.0.20 Stack Overflow in webExcptypemanFilter (Remote)
CVE-2024-3878 8.8 - High - April 16, 2024

A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260912. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda F1202 1.2.0.20 Stack Buffer Overflow via /goform/fromqossetting
CVE-2024-3877 8.8 - High - April 16, 2024

A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function fromqossetting of the file /goform/fromqossetting. The manipulation of the argument qos leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda F1202 1.2.0.20(408) Stack Buffer Overflow in VirtualSer
CVE-2024-3876 8.8 - High - April 16, 2024

A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260910 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda F1202 1.2.0.20 Remote Stack Buffer Overflow Vulnerability
CVE-2024-3875 8.8 - High - April 16, 2024

A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been rated as critical. This issue affects the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260909 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda F1202 v1.2.0.20 stack overflow in fromAddressNat
CVE-2024-30639 - March 29, 2024

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function.

Tenda F1202 1.2.0.20 Stack Overflow via entrys param in fromAddressNat
CVE-2024-30638 - March 29, 2024

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function.

Tenda F1202 v1.2.0.20 (408) - Cmd injection via formWriteFacMac(mac)
CVE-2024-30637 - March 29, 2024

Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter.

Stack Overflow in Tenda F1202 v1.2.0 via PPPOEPassword (formQuickIndex)
CVE-2024-30636 - March 29, 2024

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function.

Tenda F1202 v1.2.0.20(408) Stack Overflow in formSetCfm funcpara1
CVE-2024-30635 - March 29, 2024

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function.

Stack Overflow in Tenda F1202 v1.2.0.20 via mitInterface
CVE-2024-30634 - March 29, 2024

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function.