Refine your search
33 vulnerabilities found for FH1202 by Tenda
CVE-2026-7035 (GCVE-0-2026-7035)
Vulnerability from cvelistv5
Published
2026-04-26 11:15
Modified
2026-04-27 13:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7035",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T13:10:51.185092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:10:58.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"httpd"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LtzHuster (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-26T11:15:11.839Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-359615 | Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/359615"
},
{
"name": "VDB-359615 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/359615/cti"
},
{
"name": "Submit #798477 | Tenda FH1202 1.2.0.14(408) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/798477"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Litengzheng/vuldb_new/blob/main/FH1202/vul_20/README.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-25T18:00:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7035",
"datePublished": "2026-04-26T11:15:11.839Z",
"dateReserved": "2026-04-25T14:22:57.920Z",
"dateUpdated": "2026-04-27T13:10:58.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7034 (GCVE-0-2026-7034)
Vulnerability from cvelistv5
Published
2026-04-26 11:00
Modified
2026-04-27 12:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7034",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T12:47:36.432745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T12:47:47.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"httpd"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LtzHuster (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-26T11:00:20.772Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-359614 | Tenda FH1202 httpd WrlExtraSet stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/359614"
},
{
"name": "VDB-359614 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/359614/cti"
},
{
"name": "Submit #798476 | Tenda FH1202 1.2.0.14(408) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/798476"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Litengzheng/vuldb_new/blob/main/FH1202/vul_19/README.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-25T16:28:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 httpd WrlExtraSet stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7034",
"datePublished": "2026-04-26T11:00:20.772Z",
"dateReserved": "2026-04-25T14:22:54.448Z",
"dateUpdated": "2026-04-27T12:47:47.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3811 (GCVE-0-2026-3811)
Vulnerability from cvelistv5
Published
2026-03-09 08:32
Modified
2026-03-09 18:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3811",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T18:15:59.458401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T18:16:40.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "m202572177 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T08:32:09.124Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349777 | Tenda FH1202 P2pListFilter fromP2pListFilter stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349777"
},
{
"name": "VDB-349777 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349777"
},
{
"name": "Submit #769041 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769041"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-p2plistfilter-page-buffer-overflow"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-08T17:28:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 P2pListFilter fromP2pListFilter stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3811",
"datePublished": "2026-03-09T08:32:09.124Z",
"dateReserved": "2026-03-08T16:22:56.760Z",
"dateUpdated": "2026-03-09T18:16:40.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3810 (GCVE-0-2026-3810)
Vulnerability from cvelistv5
Published
2026-03-09 08:02
Modified
2026-03-10 16:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T16:04:58.189848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T16:05:06.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "m202572177 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T08:02:09.919Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349776 | Tenda FH1202 DhcpListClient fromDhcpListClient stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349776"
},
{
"name": "VDB-349776 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349776"
},
{
"name": "Submit #769040 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769040"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-dhcplistclient-page-buffer-overflow"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-08T17:28:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 DhcpListClient fromDhcpListClient stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3810",
"datePublished": "2026-03-09T08:02:09.919Z",
"dateReserved": "2026-03-08T16:22:52.352Z",
"dateUpdated": "2026-03-10T16:05:06.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3809 (GCVE-0-2026-3809)
Vulnerability from cvelistv5
Published
2026-03-09 07:32
Modified
2026-03-10 15:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T15:31:14.657786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T15:32:15.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "m202572177 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T07:32:11.491Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349775 | Tenda FH1202 NatSaticSetting fromNatStaticSetting stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349775"
},
{
"name": "VDB-349775 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349775"
},
{
"name": "Submit #769039 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769039"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-natsaticsetting-page-buffer-overflow"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-08T17:28:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 NatSaticSetting fromNatStaticSetting stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3809",
"datePublished": "2026-03-09T07:32:11.491Z",
"dateReserved": "2026-03-08T16:22:48.509Z",
"dateUpdated": "2026-03-10T15:32:15.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3808 (GCVE-0-2026-3808)
Vulnerability from cvelistv5
Published
2026-03-09 07:02
Modified
2026-03-10 15:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3808",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T15:34:48.440675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T15:38:14.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Manner814 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T07:02:08.736Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349774 | Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349774"
},
{
"name": "VDB-349774 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349774"
},
{
"name": "Submit #769023 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769023"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-webtypelibrary-websiteid-buffer-overflow"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-08T17:28:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3808",
"datePublished": "2026-03-09T07:02:08.736Z",
"dateReserved": "2026-03-08T16:22:45.108Z",
"dateUpdated": "2026-03-10T15:38:14.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3807 (GCVE-0-2026-3807)
Vulnerability from cvelistv5
Published
2026-03-09 06:32
Modified
2026-03-10 15:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3807",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T15:44:02.273541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T15:44:51.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Fan95 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T06:32:08.531Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349773 | Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349773"
},
{
"name": "VDB-349773 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349773"
},
{
"name": "Submit #769019 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769019"
},
{
"name": "Submit #769020 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769020"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-advsetwrlsafeset-mit-ssid-buffer-overflow"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-08T17:28:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3807",
"datePublished": "2026-03-09T06:32:08.531Z",
"dateReserved": "2026-03-08T16:22:36.756Z",
"dateUpdated": "2026-03-10T15:44:51.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7532 (GCVE-0-2025-7532)
Vulnerability from cvelistv5
Published
2025-07-13 16:02
Modified
2025-07-14 16:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7532",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:05:37.210129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T16:05:45.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromwebExcptypemanFilter.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panda_0x1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda FH1202 1.2.0.14(408) wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion fromwebExcptypemanFilter der Datei /goform/webExcptypemanFilter. Dank der Manipulation des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T16:02:08.791Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316228 | Tenda FH1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316228"
},
{
"name": "VDB-316228 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316228"
},
{
"name": "Submit #612958 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.612958"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromwebExcptypemanFilter.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-12T13:34:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7532",
"datePublished": "2025-07-13T16:02:08.791Z",
"dateReserved": "2025-07-12T11:28:45.331Z",
"dateUpdated": "2025-07-14T16:05:45.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7531 (GCVE-0-2025-7531)
Vulnerability from cvelistv5
Published
2025-07-13 15:32
Modified
2025-07-14 16:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7531",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:06:15.761000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T16:06:18.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserSetting.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panda_0x1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) gefunden. Es geht dabei um die Funktion fromPptpUserSetting der Datei /goform/PPTPUserSetting. Durch Beeinflussen des Arguments delno mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T15:32:06.988Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316227 | Tenda FH1202 PPTPUserSetting fromPptpUserSetting stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316227"
},
{
"name": "VDB-316227 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316227"
},
{
"name": "Submit #612957 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.612957"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserSetting.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-12T13:33:58.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 PPTPUserSetting fromPptpUserSetting stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7531",
"datePublished": "2025-07-13T15:32:06.988Z",
"dateReserved": "2025-07-12T11:28:42.196Z",
"dateUpdated": "2025-07-14T16:06:18.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7530 (GCVE-0-2025-7530)
Vulnerability from cvelistv5
Published
2025-07-13 15:02
Modified
2025-07-14 16:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7530",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:02:41.911215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T16:02:45.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserAdd.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panda_0x1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) entdeckt. Es geht hierbei um die Funktion fromPptpUserAdd der Datei /goform/PPTPDClient. Durch das Beeinflussen des Arguments Username mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T15:02:07.201Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316226 | Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316226"
},
{
"name": "VDB-316226 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316226"
},
{
"name": "Submit #612956 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.612956"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserAdd.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-12T13:33:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7530",
"datePublished": "2025-07-13T15:02:07.201Z",
"dateReserved": "2025-07-12T11:28:39.271Z",
"dateUpdated": "2025-07-14T16:02:45.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7529 (GCVE-0-2025-7529)
Vulnerability from cvelistv5
Published
2025-07-13 12:02
Modified
2025-07-14 16:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7529",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:06:48.256565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T16:06:51.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromNatlimit.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panda_0x1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda FH1202 1.2.0.14(408) wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion fromNatlimit der Datei /goform/Natlimit. Durch Manipulieren des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T12:02:06.294Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316225 | Tenda FH1202 Natlimit fromNatlimit stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316225"
},
{
"name": "VDB-316225 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316225"
},
{
"name": "Submit #612955 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.612955"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromNatlimit.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-12T13:33:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 Natlimit fromNatlimit stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7529",
"datePublished": "2025-07-13T12:02:06.294Z",
"dateReserved": "2025-07-12T11:28:36.206Z",
"dateUpdated": "2025-07-14T16:06:51.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7528 (GCVE-0-2025-7528)
Vulnerability from cvelistv5
Published
2025-07-13 11:32
Modified
2025-07-15 19:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7528",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:44:15.065520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:53:48.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromGstDhcpSetSer.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panda_0x1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) entdeckt. Betroffen hiervon ist die Funktion fromGstDhcpSetSer der Datei /goform/GstDhcpSetSer. Durch das Manipulieren des Arguments dips mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T11:32:06.765Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316224 | Tenda FH1202 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316224"
},
{
"name": "VDB-316224 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316224"
},
{
"name": "Submit #612948 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.612948"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromGstDhcpSetSer.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-12T13:33:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7528",
"datePublished": "2025-07-13T11:32:06.765Z",
"dateReserved": "2025-07-12T11:28:33.573Z",
"dateUpdated": "2025-07-15T19:53:48.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7527 (GCVE-0-2025-7527)
Vulnerability from cvelistv5
Published
2025-07-13 10:32
Modified
2025-07-15 19:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7527",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:44:20.267791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:53:55.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromAdvSetWan.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panda_0x1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion fromAdvSetWan der Datei /goform/AdvSetWan. Mittels Manipulieren des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T10:32:07.306Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316223 | Tenda FH1202 AdvSetWan fromAdvSetWan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316223"
},
{
"name": "VDB-316223 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316223"
},
{
"name": "Submit #612941 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.612941"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromAdvSetWan.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-12T13:33:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 AdvSetWan fromAdvSetWan stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7527",
"datePublished": "2025-07-13T10:32:07.306Z",
"dateReserved": "2025-07-12T11:28:30.697Z",
"dateUpdated": "2025-07-15T19:53:55.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5978 (GCVE-0-2025-5978)
Vulnerability from cvelistv5
Published
2025-06-10 20:31
Modified
2025-06-11 13:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5978",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T13:47:20.858863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T13:48:26.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-fromVirtualSer-20b53a41781f80b7a6c7e727f93d7d9f"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14 ausgemacht. Hiervon betroffen ist die Funktion fromVirtualSer der Datei /goform/VirtualSer. Mittels Manipulieren des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T20:31:07.787Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311856 | Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311856"
},
{
"name": "VDB-311856 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311856"
},
{
"name": "Submit #592462 | Tenda FH1202 FH1202 V1.2.0.14(408) Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.592462"
},
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-fromVirtualSer-20b53a41781f80b7a6c7e727f93d7d9f?source=copy_link"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-10T13:53:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5978",
"datePublished": "2025-06-10T20:31:07.787Z",
"dateReserved": "2025-06-10T11:48:44.341Z",
"dateUpdated": "2025-06-11T13:48:26.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3237 (GCVE-0-2025-3237)
Vulnerability from cvelistv5
Published
2025-04-04 10:00
Modified
2025-04-04 12:51
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3237",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T12:50:20.391141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T12:51:04.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /goform/wrlwpsset. Durch Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T10:00:15.289Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-303263 | Tenda FH1202 wrlwpsset access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.303263"
},
{
"name": "VDB-303263 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.303263"
},
{
"name": "Submit #546368 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.546368"
},
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-wrlwpsset-1bc53a41781f80aeb9a6de676fe25e6d?pvs=4"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-03T20:55:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 wrlwpsset access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3237",
"datePublished": "2025-04-04T10:00:15.289Z",
"dateReserved": "2025-04-03T18:50:07.033Z",
"dateUpdated": "2025-04-04T12:51:04.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3236 (GCVE-0-2025-3236)
Vulnerability from cvelistv5
Published
2025-04-04 09:31
Modified
2025-04-04 14:27
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3236",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:27:28.286078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:27:44.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Interface"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_mie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda FH1202 1.2.0.14(408) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /goform/VirSerDMZ der Komponente Web Management Interface. Durch die Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T09:31:13.572Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-303262 | Tenda FH1202 Web Management Interface VirSerDMZ access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.303262"
},
{
"name": "VDB-303262 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.303262"
},
{
"name": "Submit #546367 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.546367"
},
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-VirSerDMZ-1bc53a41781f809b9e6cdd60fe4e428c?pvs=4"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-03T20:55:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 Web Management Interface VirSerDMZ access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3236",
"datePublished": "2025-04-04T09:31:13.572Z",
"dateReserved": "2025-04-03T18:50:04.697Z",
"dateUpdated": "2025-04-04T14:27:44.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2996 (GCVE-0-2025-2996)
Vulnerability from cvelistv5
Published
2025-03-31 13:00
Modified
2025-03-31 13:25
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2996",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T13:25:00.965966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T13:25:29.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Interface"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) gefunden. Davon betroffen ist unbekannter Code der Datei /goform/SysToolDDNS der Komponente Web Management Interface. Durch das Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T13:00:13.850Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-302045 | Tenda FH1202 Web Management Interface SysToolDDNS access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.302045"
},
{
"name": "VDB-302045 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.302045"
},
{
"name": "Submit #523419 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.523419"
},
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-SysToolDDNS-1bc53a41781f8012a03be8bebed1125b?pvs=4"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-30T19:21:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 Web Management Interface SysToolDDNS access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2996",
"datePublished": "2025-03-31T13:00:13.850Z",
"dateReserved": "2025-03-30T17:16:06.774Z",
"dateUpdated": "2025-03-31T13:25:29.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2995 (GCVE-0-2025-2995)
Vulnerability from cvelistv5
Published
2025-03-31 12:31
Modified
2025-03-31 14:19
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2995",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T14:19:31.545160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T14:19:46.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-SysToolChangePwd-1bc53a41781f809b95a4efb617090d3c"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Interface"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_backup (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda FH1202 1.2.0.14(408) wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /goform/SysToolChangePwd der Komponente Web Management Interface. Mittels Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:31:11.879Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-302044 | Tenda FH1202 Web Management Interface SysToolChangePwd access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.302044"
},
{
"name": "VDB-302044 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.302044"
},
{
"name": "Submit #523418 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.523418"
},
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-SysToolChangePwd-1bc53a41781f809b95a4efb617090d3c?pvs=4"
},
{
"tags": [
"broken-link",
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-30T19:21:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 Web Management Interface SysToolChangePwd access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2995",
"datePublished": "2025-03-31T12:31:11.879Z",
"dateReserved": "2025-03-30T17:16:04.442Z",
"dateUpdated": "2025-03-31T14:19:46.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2994 (GCVE-0-2025-2994)
Vulnerability from cvelistv5
Published
2025-03-31 12:00
Modified
2025-03-31 12:39
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2994",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:39:28.047673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:39:32.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-qossetting-1bc53a41781f80a2aa2fde152bf948b5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Interface"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_mie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei /goform/qossetting der Komponente Web Management Interface. Mittels dem Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:00:09.827Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-302043 | Tenda FH1202 Web Management Interface qossetting access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.302043"
},
{
"name": "VDB-302043 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.302043"
},
{
"name": "Submit #523417 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.523417"
},
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-qossetting-1bc53a41781f80a2aa2fde152bf948b5?pvs=4"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-30T19:21:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 Web Management Interface qossetting access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2994",
"datePublished": "2025-03-31T12:00:09.827Z",
"dateReserved": "2025-03-30T17:16:01.802Z",
"dateUpdated": "2025-03-31T12:39:32.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2993 (GCVE-0-2025-2993)
Vulnerability from cvelistv5
Published
2025-03-31 11:31
Modified
2025-03-31 12:03
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2993",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:01:32.511180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:03:20.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_mie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) entdeckt. Dies betrifft einen unbekannten Teil der Datei /default.cfg. Durch Manipulation des Arguments these mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T11:31:07.084Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-302042 | Tenda FH1202 default.cfg access control",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.302042"
},
{
"name": "VDB-302042 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.302042"
},
{
"name": "Submit #523416 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.523416"
},
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-default-cfg-1bc53a41781f806d8016cd4e73ca4d6f?pvs=4"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-30T19:21:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 default.cfg access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2993",
"datePublished": "2025-03-31T11:31:07.084Z",
"dateReserved": "2025-03-30T17:15:59.176Z",
"dateUpdated": "2025-03-31T12:03:20.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2992 (GCVE-0-2025-2992)
Vulnerability from cvelistv5
Published
2025-03-31 11:00
Modified
2025-03-31 12:09
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2992",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:04:28.637337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:09:11.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Interface"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda FH1202 1.2.0.14(408) wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /goform/AdvSetWrlsafeset der Komponente Web Management Interface. Durch die Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T11:00:09.853Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-302041 | Tenda FH1202 Web Management Interface AdvSetWrlsafeset access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.302041"
},
{
"name": "VDB-302041 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.302041"
},
{
"name": "Submit #523413 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.523413"
},
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlsafeset-1bc53a41781f809bb808deffc226401d?pvs=4"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-30T19:21:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 Web Management Interface AdvSetWrlsafeset access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2992",
"datePublished": "2025-03-31T11:00:09.853Z",
"dateReserved": "2025-03-30T17:15:56.301Z",
"dateUpdated": "2025-03-31T12:09:11.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2991 (GCVE-0-2025-2991)
Vulnerability from cvelistv5
Published
2025-03-31 10:31
Modified
2025-03-31 12:36
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2991",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:36:10.440019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:36:34.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Interface"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) entdeckt. Es betrifft eine unbekannte Funktion der Datei /goform/AdvSetWrlmacfilter der Komponente Web Management Interface. Mit der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T10:31:06.850Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-302040 | Tenda FH1202 Web Management Interface AdvSetWrlmacfilter access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.302040"
},
{
"name": "VDB-302040 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.302040"
},
{
"name": "Submit #523412 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.523412"
},
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlmacfilter-1bc53a41781f807d97f3d01957f442a0?pvs=4"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-30T19:21:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 Web Management Interface AdvSetWrlmacfilter access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2991",
"datePublished": "2025-03-31T10:31:06.850Z",
"dateReserved": "2025-03-30T17:15:53.684Z",
"dateUpdated": "2025-03-31T12:36:34.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2990 (GCVE-0-2025-2990)
Vulnerability from cvelistv5
Published
2025-03-31 10:00
Modified
2025-03-31 12:40
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2990",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:40:49.135096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:40:52.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlGstset-1bc53a41781f8057a621c3def0a56069"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Interface"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_tu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /goform/AdvSetWrlGstset der Komponente Web Management Interface. Dank Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T10:00:13.250Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-302039 | Tenda FH1202 Web Management Interface AdvSetWrlGstset access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.302039"
},
{
"name": "VDB-302039 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.302039"
},
{
"name": "Submit #523404 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.523404"
},
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrlGstset-1bc53a41781f8057a621c3def0a56069?pvs=4"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-30T19:21:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 Web Management Interface AdvSetWrlGstset access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2990",
"datePublished": "2025-03-31T10:00:13.250Z",
"dateReserved": "2025-03-30T17:15:50.572Z",
"dateUpdated": "2025-03-31T12:40:52.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2989 (GCVE-0-2025-2989)
Vulnerability from cvelistv5
Published
2025-03-31 09:31
Modified
2025-03-31 12:43
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2989",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:43:22.402361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:43:26.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrl-1bc53a41781f8011b0b4d3d65cacc82f"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Interface"
],
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_mie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda FH1202 1.2.0.14(408) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /goform/AdvSetWrl der Komponente Web Management Interface. Dank der Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T09:31:06.697Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-302038 | Tenda FH1202 Web Management Interface AdvSetWrl access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.302038"
},
{
"name": "VDB-302038 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.302038"
},
{
"name": "Submit #523402 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.523402"
},
{
"tags": [
"exploit"
],
"url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-AdvSetWrl-1bc53a41781f8011b0b4d3d65cacc82f?pvs=4"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-30T19:21:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 Web Management Interface AdvSetWrl access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2989",
"datePublished": "2025-03-31T09:31:06.697Z",
"dateReserved": "2025-03-30T17:15:26.673Z",
"dateUpdated": "2025-03-31T12:43:26.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12002 (GCVE-0-2024-12002)
Vulnerability from cvelistv5
Published
2024-11-30 13:00
Modified
2024-12-02 15:54
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T15:53:24.555896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T15:54:21.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH451",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241129"
}
]
},
{
"product": "FH1201",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241129"
}
]
},
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241129"
}
]
},
{
"product": "FH1206",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241129"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kalv1n2077 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Tenda FH451, FH1201, FH1202 and FH1206 bis 20241129 wurde eine problematische Schwachstelle entdeckt. Betroffen ist die Funktion websReadEvent der Datei /goform/GetIPTV. Durch Beeinflussen des Arguments Content-Length mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-30T13:00:14.751Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-286417 | Tenda FH451/FH1201/FH1202/FH1206 GetIPTV websReadEvent null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.286417"
},
{
"name": "VDB-286417 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.286417"
},
{
"name": "Submit #453974 | Tenda FH451/FH1201/FH1202/FH1206 FH451-V1.0.0.9/FH451-V1.0.0.7/FH451-V1.0.0.5/FH1201-V1.2.0.14(408)_EN/FH1201-V1.2.0.8(8155)/FH1202-V1.2.0.14(408)/etc NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.453974"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Kalvin2077/tenda-fh-cve"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-29T16:54:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH451/FH1201/FH1202/FH1206 GetIPTV websReadEvent null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12002",
"datePublished": "2024-11-30T13:00:14.751Z",
"dateReserved": "2024-11-29T15:49:13.514Z",
"dateUpdated": "2024-12-02T15:54:21.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2987 (GCVE-0-2024-2987)
Vulnerability from cvelistv5
Published
2024-03-27 17:00
Modified
2025-04-10 18:26
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1202",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14\\/408\\/"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2987",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T16:04:03.173882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T18:26:19.402Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258156 | Tenda FH1202 GetParentControlInfo stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258156"
},
{
"name": "VDB-258156 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258156"
},
{
"name": "Submit #301285 | Tenda FH1202 V1.2.0.14(408) buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.301285"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/GetParentControlInfo.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) entdeckt. Hiervon betroffen ist die Funktion GetParentControlInfo der Datei /goform/GetParentControlInfo. Durch Manipulieren des Arguments mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T17:00:07.371Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258156 | Tenda FH1202 GetParentControlInfo stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258156"
},
{
"name": "VDB-258156 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258156"
},
{
"name": "Submit #301285 | Tenda FH1202 V1.2.0.14(408) buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.301285"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/GetParentControlInfo.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:10:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 GetParentControlInfo stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2987",
"datePublished": "2024-03-27T17:00:07.371Z",
"dateReserved": "2024-03-27T07:04:29.762Z",
"dateUpdated": "2025-04-10T18:26:19.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2986 (GCVE-0-2024-2986)
Vulnerability from cvelistv5
Published
2024-03-27 16:31
Modified
2024-08-12 15:41
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258155 | Tenda FH1202 SetSpeedWan formSetSpeedWan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258155"
},
{
"name": "VDB-258155 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258155"
},
{
"name": "Submit #301284 | Tenda FH1202 V1.2.0.14(408) buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.301284"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/SetSpeedWan.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\\(408\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1202_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14\\(408\\)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2986",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T20:44:50.707384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T15:41:31.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion formSetSpeedWan der Datei /goform/SetSpeedWan. Durch das Manipulieren des Arguments speed_dir mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T16:31:06.040Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258155 | Tenda FH1202 SetSpeedWan formSetSpeedWan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258155"
},
{
"name": "VDB-258155 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258155"
},
{
"name": "Submit #301284 | Tenda FH1202 V1.2.0.14(408) buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.301284"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/SetSpeedWan.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:10:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 SetSpeedWan formSetSpeedWan stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2986",
"datePublished": "2024-03-27T16:31:06.040Z",
"dateReserved": "2024-03-27T07:04:26.963Z",
"dateUpdated": "2024-08-12T15:41:31.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2985 (GCVE-0-2024-2985)
Vulnerability from cvelistv5
Published
2024-03-27 16:31
Modified
2024-08-29 17:46
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258154 | Tenda FH1202 QuickIndex formQuickIndex stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258154"
},
{
"name": "VDB-258154 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258154"
},
{
"name": "Submit #301276 | Tenda FH1202 V1.2.0.14(408) buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.301276"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formQuickIndex.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1202",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2985",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T19:59:38.374704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:46:15.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Tenda FH1202 1.2.0.14(408) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion formQuickIndex der Datei /goform/QuickIndex. Mittels Manipulieren des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T16:31:04.678Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258154 | Tenda FH1202 QuickIndex formQuickIndex stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258154"
},
{
"name": "VDB-258154 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258154"
},
{
"name": "Submit #301276 | Tenda FH1202 V1.2.0.14(408) buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.301276"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formQuickIndex.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:10:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 QuickIndex formQuickIndex stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2985",
"datePublished": "2024-03-27T16:31:04.678Z",
"dateReserved": "2024-03-27T07:04:24.370Z",
"dateUpdated": "2024-08-29T17:46:15.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2984 (GCVE-0-2024-2984)
Vulnerability from cvelistv5
Published
2024-03-27 16:00
Modified
2024-08-01 19:32
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\\(408\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1202_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14\\(408\\)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2984",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T17:59:53.276794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T18:02:50.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258153 | Tenda FH1202 setcfm formSetCfm stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258153"
},
{
"name": "VDB-258153 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258153"
},
{
"name": "Submit #301275 | Tenda FH1202 V1.2.0.14(408) buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.301275"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetCfm.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda FH1202 1.2.0.14(408) ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion formSetCfm der Datei /goform/setcfm. Mittels dem Manipulieren des Arguments funcpara1 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T16:00:07.276Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258153 | Tenda FH1202 setcfm formSetCfm stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258153"
},
{
"name": "VDB-258153 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258153"
},
{
"name": "Submit #301275 | Tenda FH1202 V1.2.0.14(408) buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.301275"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetCfm.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:10:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 setcfm formSetCfm stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2984",
"datePublished": "2024-03-27T16:00:07.276Z",
"dateReserved": "2024-03-27T07:04:21.228Z",
"dateUpdated": "2024-08-01T19:32:42.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2983 (GCVE-0-2024-2983)
Vulnerability from cvelistv5
Published
2024-03-27 16:00
Modified
2025-04-10 18:26
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tenda:fh1202:v1.2.0.14:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1202",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14\\/408\\/"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2983",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T17:53:52.895516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T18:26:40.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258152 | Tenda FH1202 SetClientState formSetClientState stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258152"
},
{
"name": "VDB-258152 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258152"
},
{
"name": "Submit #301274 | Tenda FH1202 V1.2.0.14(408) buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.301274"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetClientState.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FH1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.14(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) gefunden. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion formSetClientState der Datei /goform/SetClientState. Durch Manipulation des Arguments deviceId/limitSpeed/limitSpeedUp mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T16:00:05.724Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258152 | Tenda FH1202 SetClientState formSetClientState stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258152"
},
{
"name": "VDB-258152 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258152"
},
{
"name": "Submit #301274 | Tenda FH1202 V1.2.0.14(408) buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.301274"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetClientState.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:10:21.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda FH1202 SetClientState formSetClientState stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2983",
"datePublished": "2024-03-27T16:00:05.724Z",
"dateReserved": "2024-03-27T07:04:13.877Z",
"dateUpdated": "2025-04-10T18:26:40.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}