Tenda F1202 Firmware vulnerabilities

CVE-2025-9806 [LOW] CWE-259 CVE-2025-9806: A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown func A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitab

CVE-2024-3877 [HIGH] CWE-121 CVE-2024-3877: A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Affected by this vuln A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function fromqossetting of the file /goform/fromqossetting. The manipulation of the argument qos leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The

CVE-2024-3875 [HIGH] CWE-121 CVE-2024-3875: A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been rated as critical. This issue af A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been rated as critical. This issue affects the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VD

CVE-2024-3876 [HIGH] CWE-121 CVE-2024-3876: A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(408). Affected is the A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260910 is th

CVE-2024-3878 [HIGH] CWE-121 CVE-2024-3878: A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affe A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the pu

CVE-2024-30635 [CRITICAL] CWE-120 CVE-2024-30635: Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function.

CVE-2024-30637 [HIGH] CWE-77 CVE-2024-30637: Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter.

CVE-2024-30634 [HIGH] CWE-121 CVE-2024-30634: Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function.

CVE-2024-30638 [MEDIUM] CWE-121 CVE-2024-30638: Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAd Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function.

CVE-2024-30636 [MEDIUM] CWE-121 CVE-2024-30636: Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function.

CVE-2024-30639 [MEDIUM] CWE-121 CVE-2024-30639: Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNa Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function.

CVE-2023-38932 [CRITICAL] CWE-787 CVE-2023-38932: Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.

CVE-2023-38938 [CRITICAL] CWE-787 CVE-2023-38938: Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im.

CVE-2023-38939 [CRITICAL] CWE-787 CVE-2023-38939: Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssi Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function.

CVE-2023-37714 [CRITICAL] CWE-787 CVE-2023-37714: Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow i Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic.

CVE-2023-37716 [CRITICAL] CWE-787 CVE-2023-37716: Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1. Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.

CVE-2023-37717 [CRITICAL] CWE-787 CVE-2023-37717: Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1. Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.

CVE-2023-37719 [CRITICAL] CWE-787 CVE-2023-37719: Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow i Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter.

CVE-2023-37721 [CRITICAL] CWE-787 CVE-2023-37721: Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow i Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter.

CVE-2023-37718 [CRITICAL] CWE-787 CVE-2023-37718: Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow i Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter.