Tenda Fh1202 Firmware vulnerabilities

CVE-2026-3808 [HIGH] CWE-119 CVE-2026-3808: A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function for A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.

CVE-2026-3811 [HIGH] CWE-119 CVE-2026-3811: A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

CVE-2026-3809 [HIGH] CWE-119 CVE-2026-3809: A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatSta A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.

CVE-2026-3810 [HIGH] CWE-119 CVE-2026-3810: A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpList A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CVE-2026-3807 [HIGH] CWE-119 CVE-2026-3807: A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function f A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

CVE-2025-7530 [HIGH] CWE-119 CVE-2025-7530: A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Aff A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may

CVE-2025-7532 [HIGH] CWE-119 CVE-2025-7532: A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulner A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public

CVE-2025-7527 [HIGH] CWE-119 CVE-2025-7527: A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue a A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7529 [HIGH] CWE-119 CVE-2025-7529: A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vul A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7531 [HIGH] CWE-119 CVE-2025-7531: A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This aff A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be

CVE-2025-7528 [HIGH] CWE-119 CVE-2025-7528: A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5978 [HIGH] CWE-119 CVE-2025-5978: A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-3236 [MEDIUM] CWE-266 CVE-2025-3236: A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vuln A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be use

CVE-2025-3237 [MEDIUM] CWE-266 CVE-2025-3237: A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue a A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-2991 [MEDIUM] CWE-266 CVE-2025-2991: A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be u

CVE-2025-2994 [MEDIUM] CWE-266 CVE-2025-2994: A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This aff A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be us

CVE-2025-2995 [MEDIUM] CWE-266 CVE-2025-2995: A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulner A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may b

CVE-2025-2990 [MEDIUM] CWE-266 CVE-2025-2990: A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue a A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may

CVE-2025-2993 [MEDIUM] CWE-266 CVE-2025-2993: A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Aff A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-2989 [MEDIUM] CWE-266 CVE-2025-2989: A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vuln A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be use