Tenda Fh1201 Firmware

Stack Buffer Overflow in Tenda FH1201 1.2.0.14(408) FormWrlExtraSet (Remote)
CVE-2026-5046 8.8 - High - March 29, 2026

A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.

Stack Overflow

Tenda FH1201 1.2.0.14 Stack Buffer Overflow in WrlclientSet (remote)
CVE-2026-5045 8.8 - High - March 29, 2026

A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Stack Overflow

Stack Buffer Overflow in Tenda FH1201 1.2.0.14 via SetIpBind
CVE-2025-14995 8.8 - High - December 21, 2025

A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Stack Overflow

Critical Stack Buffer Overflow in Tenda FH1201 1.2.0.14 via PPTPDClient
CVE-2025-7551 8.8 - High - July 14, 2025

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Critical stack overflow in Tenda FH1201 1.2.0.14 SafeEmailFilter
CVE-2025-7548 8.8 - High - July 13, 2025

A vulnerability has been found in Tenda FH1201 1.2.0.14(408) and classified as critical. This vulnerability affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda FH1201 stack-based buffer overflow in frmL7ProtForm v1.2.0.14
CVE-2025-7549 8.8 - High - July 13, 2025

A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda FH1201 V1.2.0.14 Stack Buf Overflow via /goform/GstDhcpSetSer
CVE-2025-7550 8.8 - High - July 13, 2025

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Buffer Overflow in Tenda FH1201 1.2.0.14 HTTP POST Request Handler
CVE-2025-7468 8.8 - High - July 12, 2025

A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerability affects the function fromSafeUrlFilter of the file /goform/fromSafeUrlFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Buffer Overflow via fromRouteStatic in Tenda FH1201 1.2.0.14
CVE-2025-7465 8.8 - High - July 12, 2025

A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Critical Buffer Overflow in Tenda FH1201 1.2.0.14 HTTP POST Handler
CVE-2025-7463 8.8 - High - July 12, 2025

A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP POST Request Handler. The manipulation of the argument mit_ssid leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda FH1201 1.2.0.14 Buffer Overflow via /goform/SafeMacFilter
CVE-2025-6110 8.8 - High - June 16, 2025

A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Memory Corruption

Tenda FH1201 v1.2.0.14 stack buf overflow in formWrlExtraGet
CVE-2024-44859 - September 04, 2024

Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`.

Tenda FH1201 v1.2.0.14 Stack Overflow DoS via page param
CVE-2024-42955 7.5 - High - August 15, 2024

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1201 v1.2.0.14 Telnet handler RCE
CVE-2024-42947 9.8 - Critical - August 15, 2024

An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request.

Stack Overflow in Tenda FH1201 v1.2.0.14 via P2p List Filter POST -> DoS
CVE-2024-42940 7.5 - High - August 15, 2024

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1201 v1.2.0.14 Stack Overflow via wanmode (DoS)
CVE-2024-42941 7.5 - High - August 15, 2024

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Stack Overflow in Tenda FH1201 1.2.0.14 PPPOEPassword DoS
CVE-2024-42943 7.5 - High - August 15, 2024

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Stack overflow in Tenda FH1201 1.2.0.14(page param) DoS
CVE-2024-42944 7.5 - High - August 15, 2024

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1201 v1.2.0.14 stack overflow via fromVirtualSer causes DoS
CVE-2024-42946 7.5 - High - August 15, 2024

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Stack Overflow in Tenda FH1201 v1.2.0.14 via delno Param Causing DoS
CVE-2024-42948 7.5 - High - August 15, 2024

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1201 v1.2.0.14 Stack Overflow in fromSafeClientFilter
CVE-2024-42950 7.5 - High - August 15, 2024

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1201 v1.2.0.14 Stack Overflow via mit_pptpusrpw DoS
CVE-2024-42951 7.5 - High - August 15, 2024

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the mit_pptpusrpw parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1201 v1.2.0.14 Stack Overflow via page param causing DoS
CVE-2024-42952 7.5 - High - August 15, 2024

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption