Tenda Fh1206 Firmware vulnerabilities

CVE-2025-14994 [HIGH] CWE-119 CVE-2025-14994: A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the funct A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and ma

CVE-2024-12002 [MEDIUM] CWE-404 CVE-2024-12002: A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed t

CVE-2024-44386 [HIGH] CWE-121 CVE-2024-44386: Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBi Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind.

CVE-2024-44390 [HIGH] CWE-787 CVE-2024-44390: Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafe Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset.

CVE-2024-44387 [MEDIUM] CWE-787 CVE-2024-44387: Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtr Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtraGet.

CVE-2024-42978 [CRITICAL] CWE-78 CVE-2024-42978: An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.

CVE-2024-42986 [HIGH] CWE-787 CVE-2024-42986: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42985 [HIGH] CWE-787 CVE-2024-42985: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42983 [HIGH] CWE-787 CVE-2024-42983: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in th Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42973 [HIGH] CWE-787 CVE-2024-42973: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSetlpBind function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42969 [HIGH] CWE-787 CVE-2024-42969: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42974 [HIGH] CWE-787 CVE-2024-42974: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42977 [HIGH] CWE-787 CVE-2024-42977: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fr Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42981 [HIGH] CWE-787 CVE-2024-42981: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42968 [HIGH] CWE-787 CVE-2024-42968: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go parameter in the fro Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42979 [HIGH] CWE-787 CVE-2024-42979: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42976 [HIGH] CWE-787 CVE-2024-42976: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42987 [HIGH] CWE-787 CVE-2024-42987: Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in t Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can e

CVE-2024-42984 [HIGH] CWE-787 CVE-2024-42984: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2024-42980 [HIGH] CWE-787 CVE-2024-42980: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.