Tenda Fh1206 Firmware

Buffer Overflow in Tenda FH1206 V1.2.0.8 via formWrlsafeset
CVE-2024-44390 8.8 - High - August 23, 2024

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset.

Memory Corruption

Tenda FH1206 V1.2.0.8 Buffer Overflow via formWrlExtraGet
CVE-2024-44387 6.5 - Medium - August 23, 2024

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtraGet.

Memory Corruption

Buffer Overflow via fromSetIpBind in Tenda FH1206 v1.2.0.8
CVE-2024-44386 - August 23, 2024

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind.

Tenda FH1206 v02.03.01.35 Stack Overflow via page param (DoS)
CVE-2024-42984 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1206 v02.03.01.35: Stack Overflow via modino in fromPptpUserAdd cause DoS
CVE-2024-42987 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1206 v02.03.01.35 Stack Overflow in fromSafeUrlFilter (DoS)
CVE-2024-42968 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Stack Overflow in Tenda FH1206 v02.03.01.35 Page Param Allows DoS
CVE-2024-42973 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSetlpBind function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1206 v2.03.01.35 DoS via page param stack overflow
CVE-2024-42974 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1206 DoS via stack overflow in frmL7ProtForm before v02.03.01.35
CVE-2024-42979 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1206 v2.03.01.35 pptpPPW Stack Overflow DoS via POST
CVE-2024-42983 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1206 v02.03.01.35 Stack Overflow via page param causing DoS
CVE-2024-42969 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Stack Overflow in Tenda FH1206 v02.03.01.35 fromSafeClientFilter leads to DoS
CVE-2024-42976 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1206 v02.03.01.35 Stack Overflow via qos param DoS
CVE-2024-42977 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Arbitrary CMD Exec via /goform/telnet in Tenda FH1206 v02.03.01.35
CVE-2024-42978 9.8 - Critical - August 15, 2024

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.

Stack Overflow in Tenda FH1206 v02.03.01.35 frmL7ImForm causes DoS
CVE-2024-42980 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1206 stack overflow via delno in fromPptpUserSetting (v02.03.01.35)
CVE-2024-42981 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1206 v02.03.01.35 Stack Overflow via page param causes DoS
CVE-2024-42982 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

DoS via Stack Overflow in Tenda FH1206 fromNatlimit (v02.03.01.35)
CVE-2024-42985 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

DoS via Stack Overflow in Tenda FH1206 v02.03.01.35 PPPOEPassword
CVE-2024-42986 7.5 - High - August 15, 2024

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Memory Corruption

Tenda FH1206 02.03.01.35 - Stack Buffer Overflow in formSafeEmailFilter
CVE-2024-7707 9.8 - Critical - August 13, 2024

A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda FH1206 1.2.0.8 Remote Stack BF via /goform/qossetting
CVE-2024-7614 9.8 - Critical - August 12, 2024

A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda FH1206 1.2.0.8 Buffer Overflow in GstDhcpSetSer (CVE-2024-7613)
CVE-2024-7613 9.8 - Critical - August 12, 2024

A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Critical Buffer Overflow in Tenda FH1206 1.2.0.8 fromSafeClientFilter
CVE-2024-7615 9.8 - Critical - August 12, 2024

A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Command Injection in Tenda FH1206 V1.2.0.8 via ip/goform/formexeCommand
CVE-2024-35340 - May 24, 2024

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand.

Tenda FH1206 V1.2.0.8 cmd injection via mac param
CVE-2024-35339 - May 24, 2024

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac.

Stack Overflow in Tenda FH1206 v1.2.0.8 via /goform/DhcpListClient
CVE-2024-34946 - May 14, 2024

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.

Tenda FH1206 v1.2.0.8 Stack BF via PPW (WizardHandle)
CVE-2024-34945 - May 14, 2024

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle.

Stack-based Buffer Overflow in Tenda FH1206 1.2.0.8 DhcpListClient
CVE-2024-34944 - May 14, 2024

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.

Stack BOF in Tenda FH1206 V1.2.0.8 via /ip/goform/NatStaticSetting
CVE-2024-34943 - May 14, 2024

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.

Tenda FH1206 V1.2.0.8 Stack Buffer Overflow via funcpara1 in /goform/exeCommand
CVE-2024-34942 - May 14, 2024

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand.

Tenda FH1206 v1.2.0.8 Buffer Overflow via page param (CVE-2024-33217)
CVE-2024-33217 - April 23, 2024

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat.

Stack Overflow in Tenda FH1206 1.2.0.8 via mitInterface (ip/goform/addressNat)
CVE-2024-33215 - April 23, 2024

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat.

Tenda FH1206 v1.2.0.8 - Stack-Based Buffer Overflow in RouteStatic
CVE-2024-33214 - April 23, 2024

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic.

Tenda FH1206 v1.2.0.8 Buffer Overflow via mitInterface in RouteStatic
CVE-2024-33213 - April 23, 2024

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic.

Tenda FH1206 V1.2.0.8 Buffer Overflow via setcfm funcpara1
CVE-2024-33212 - April 23, 2024

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm.

Tenda FH1206 V1.2.0.8 Stack-based Buffer Overflow via PPPOEPassword
CVE-2024-33211 - April 23, 2024

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex.

Tenda FH1206 1.2.0.8: Remote Buffer Overflow in /goform/addressNat
CVE-2024-4020 8.8 - High - April 20, 2024

A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption