Tenda Fh1201 vulnerabilities

CVE-2026-5045 [HIGH] CWE-119 CVE-2026-5045: A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet o A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVE-2026-5046 [HIGH] CWE-119 CVE-2026-5046: A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.

CVE-2025-14994 [HIGH] CWE-119 CVE-2025-14994: A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the funct A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and ma

CVE-2025-14995 [HIGH] CWE-119 CVE-2025-14995: A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of th A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

CVE-2025-7551 [HIGH] CWE-119 CVE-2025-7551: A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public

CVE-2025-7548 [HIGH] CWE-119 CVE-2025-7548: A vulnerability has been found in Tenda FH1201 1.2.0.14(408) and classified as critical. This vulner A vulnerability has been found in Tenda FH1201 1.2.0.14(408) and classified as critical. This vulnerability affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be

CVE-2025-7549 [HIGH] CWE-119 CVE-2025-7549: A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affec A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7550 [HIGH] CWE-119 CVE-2025-7550: A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affecte A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7463 [HIGH] CWE-119 CVE-2025-7463: A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerabi A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP POST Request Handler. The manipulation of the argument mit_ssid leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclo

CVE-2025-7468 [HIGH] CWE-119 CVE-2025-7468: A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerabili A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerability affects the function fromSafeUrlFilter of the file /goform/fromSafeUrlFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclose

CVE-2025-7465 [HIGH] CWE-119 CVE-2025-7465: A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerab A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to th

CVE-2025-6110 [HIGH] CWE-119 CVE-2025-6110: A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-12002 [MEDIUM] CWE-404 CVE-2024-12002: A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed t