Tenda Fh1202 Firmware

Tenda FH1202 1.2.0.14 Remote stack overflow via /goform/P2pListFilter
CVE-2026-3811 8.8 - High - March 09, 2026

A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

Stack Overflow

Tenda FH1202 1.2.0.14 stack-based BOF in /goform/DhcpListClient
CVE-2026-3810 8.8 - High - March 09, 2026

A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Stack Overflow

Tenda FH1202 1.2.0.14 Buffer Overflow via getNatStaticSetting (remote)
CVE-2026-3809 8.8 - High - March 09, 2026

A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

Stack Overflow

Tenda FH1202 1.2.0.14 Remote Buffer Overflow in formWebTypeLibrary
CVE-2026-3808 8.8 - High - March 09, 2026

A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

Stack Overflow

Tenda FH1202 1.2.0.14 Remote Buffer Overflow in formWrlsafeset
CVE-2026-3807 8.8 - High - March 09, 2026

A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Stack Overflow

Tenda FH1202 1.2.0.14 Remote Stack Overflow via PPTPUserSetting CVE-2025-7531
CVE-2025-7531 8.8 - High - July 13, 2025

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda FH1202 1.2.0.14 stack-overflow in webExcptypemanFilter (critical)
CVE-2025-7532 8.8 - High - July 13, 2025

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda FH1202 1.2.0.14 buffer overflow in fromPptpUserAdd() (PPTPD)
CVE-2025-7530 8.8 - High - July 13, 2025

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda FH1202 1.2.0.14 stack overflow in gstDhcpSetSer
CVE-2025-7528 8.8 - High - July 13, 2025

A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda FH1202 1.2.0.14 Buffer Overflow via /goform/Natlimit
CVE-2025-7529 8.8 - High - July 13, 2025

A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Tenda FH1202 1.2.0.14 PPPOEPassword Stack Buffer Overflow via /goform/AdvSetWan
CVE-2025-7527 8.8 - High - July 13, 2025

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Critical Stack Buffer Overflow in Tenda FH1202 1.2.0.14 via VirtualSer
CVE-2025-5978 8.8 - High - June 10, 2025

A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Memory Corruption

Tenda FH1202 v1.2.0.14 Improper Access Control in Web Mgt /goform/VirSerDMZ
CVE-2025-3236 5.3 - Medium - April 04, 2025

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Authorization

Tenda FH1202 1.2.0.14 Improper Access Control via /goform/wrlwpsset
CVE-2025-3237 5.3 - Medium - April 04, 2025

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Authorization

Tenda FH1202 1.2.0.14 WebMGMT Access Control Bypass
CVE-2025-2995 5.3 - Medium - March 31, 2025

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Authorization

Tenda FH1202 1.2.0.14 Web UI Improper Access via SysToolDDNS
CVE-2025-2996 5.3 - Medium - March 31, 2025

A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Authorization

Tenda FH1202 1.2.0.14 Remote Improper Access on /default.cfg (Critical)
CVE-2025-2993 5.3 - Medium - March 31, 2025

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Authorization

Tenda FH1202 1.2.0.14 Improper Access Control in Web Mgt /goform/qossetting
CVE-2025-2994 - March 31, 2025

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Critical Access Flaw in Tenda FH1202 1.2.0.14 Web Mgmt /goform/AdvSetWrlsafeset
CVE-2025-2992 5.3 - Medium - March 31, 2025

A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Authorization

Tenda FH1202 1.2.0.14(408) WebUI Improper Access Control (Critical)
CVE-2025-2991 5.3 - Medium - March 31, 2025

A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Authorization

Tenda FH1202 1.2.0.14: Remote Access Control Bypass via /goform
CVE-2025-2990 5.3 - Medium - March 31, 2025

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Authorization

Tenda FH1202 1.2.0.14 Impr AccCtrl in WebMgmt /goform/AdvSetWrl (Critical)
CVE-2025-2989 5.3 - Medium - March 31, 2025

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Authorization

Tenda FH1202 1.2.0.14-408 CMD Injection via formexeCommand
CVE-2024-32282 - April 17, 2024

Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.

Stack overflow in Tenda FH1202 v1.2.0.14 via adslPwd in formWanParameterSetting
CVE-2024-32315 - April 17, 2024

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function.

Memory Corruption

Tenda FH1202 v1.2.0.14 Stack Overflow via PPW in fromWizardHandle
CVE-2024-32302 - April 17, 2024

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.

Memory Corruption

Stack Overflow in Tenda FH1202 v1.2.0.14 deviceId
CVE-2024-30585 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function.

Stack Overflow in Tenda FH1202 v1.2.0.14 saveParentControlInfo
CVE-2024-30591 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function.

Stack Overflow via schedEndTime in setSchedWifi (Tenda FH1202 v1.2.0.14)
CVE-2024-30590 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function.

Tenda FH1202 v1.2.0.14 Stack Overflow in fromAddressNat() entrys param
CVE-2024-30589 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function.

Tenda FH1202 v1.2.0.14 Stack Overflow in setSchedWifi SchedStartTime
CVE-2024-30588 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function.

Tenda FH1202 v1.2.0.14 Stack Overflow in urls param of saveParentControlInfo
CVE-2024-30587 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function.

Tenda FH1202 v1.2.0.14 Stack Overflow via security_5g in formWifiBasicSet
CVE-2024-30586 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function.

Stack Overflow in Tenda FH1202 v1.2.0.14 - security param in formWifiBasicSet
CVE-2024-30584 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function.

Tenda FH1202 v1.2.0.14 Stack Overflow in fromAddressNat
CVE-2024-30583 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function.

Tenda FH1202 v1.2.0.14(408) Stack Overflow in fromAddressNat
CVE-2024-30592 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function.

Tenda FH1202 v1.2.0.14: Stack Overflow in formSetDeviceName
CVE-2024-30596 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function.

Tenda FH1202 1.2.0.14(408) Stack Overflow in addWifiMacFilter
CVE-2024-30594 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function.

Tenda FH1202 v1.2.0.14 Stack Overflow via deviceName
CVE-2024-30593 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function.

Stack Overflow via deviceId in Tenda FH1202 v1.2.0.14 addWifiMacFilter
CVE-2024-30595 - March 28, 2024

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function.

Stack Overflow Vulnerability in Tenda FH1202 1.2.0.14 (GetParentControlInfo)
CVE-2024-2987 8.8 - High - March 27, 2024

A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda FH1202 1.2.0.14 Stack Buf Overflow in formQuickIndex
CVE-2024-2985 8.8 - High - March 27, 2024

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda FH1202 1.2.0.14 Buffer Overflow via formSetSpeedWan
CVE-2024-2986 8.8 - High - March 27, 2024

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda FH1202 1.2.0.14: formWriteFacMac CMDInjection
CVE-2024-2982 8.8 - High - March 27, 2024

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Command Injection

Tenda FH1202 1.2.0 Remote Stack BOV via formSetClientState
CVE-2024-2983 8.8 - High - March 27, 2024

A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Stack Bof in Tenda FH1202 1.2.0.14 /goform/setcfm Remote Attack
CVE-2024-2984 8.8 - High - March 27, 2024

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Critical stack overflow in Tenda FH1202 1.2.0.14(408) /goform/execCommand
CVE-2024-2980 8.8 - High - March 27, 2024

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda FH1202 1.2.0.14 Remote Buffer Overflow in form_fast_setting_wifi_set
CVE-2024-2981 8.8 - High - March 27, 2024

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption