Tenda Fh1206 Firmware vulnerabilities

39 known vulnerabilities affecting tenda/fh1206_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL5HIGH30MEDIUM4

Vulnerabilities

Page 2 of 2

CVE-2024-42982HIGHCVSS 7.5vv02.03.01.352024-08-15

CVE-2024-42982 [HIGH] CWE-787 CVE-2024-42982: Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

nvd

CVE-2024-7707HIGHCVSS 8.7vv02.03.01.352024-08-13

CVE-2024-7707 [HIGH] CWE-121 CVE-2024-7707: A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this i A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been

nvd

CVE-2024-7615HIGHCVSS 8.7v1.2.0.8\(8155\)2024-08-12

CVE-2024-7615 [HIGH] CWE-121 CVE-2024-7615: A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by thi A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The v

nvd

CVE-2024-7614HIGHCVSS 8.7v1.2.0.8\(8155\)2024-08-12

CVE-2024-7614 [HIGH] CWE-121 CVE-2024-7614: A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affecte A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE:

nvd

CVE-2024-7613HIGHCVSS 8.7v1.2.0.8\(8155\)2024-08-12

CVE-2024-7613 [HIGH] CWE-120 CVE-2024-7613: A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affec A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was c

nvd

CVE-2024-35339CRITICALCVSS 9.8v1.2.0.8\(8155\)2024-05-24

CVE-2024-35339 [CRITICAL] CWE-94 CVE-2024-35339: Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac.

nvd

CVE-2024-35340HIGHCVSS 8.6v1.2.0.8\(8155\)2024-05-24

CVE-2024-35340 [HIGH] CWE-77 CVE-2024-35340: Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdi Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand.

nvd

CVE-2024-34943CRITICALCVSS 9.8v1.2.0.8\(8155\)_en2024-05-14

CVE-2024-34943 [CRITICAL] CWE-121 CVE-2024-34943: Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.

nvd

CVE-2024-34945CRITICALCVSS 9.8v1.2.0.8\(8155\)_en2024-05-14

CVE-2024-34945 [CRITICAL] CWE-120 CVE-2024-34945: Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle.

nvd

CVE-2024-34944HIGHCVSS 8.8v1.2.0.8\(8155\)_en2024-05-14

CVE-2024-34944 [HIGH] CWE-121 CVE-2024-34944: Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.

nvd

CVE-2024-34942HIGHCVSS 8.8v1.2.0.8\(8155\)_en2024-05-14

CVE-2024-34942 [HIGH] CWE-121 CVE-2024-34942: Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand.

nvd

CVE-2024-34946MEDIUMCVSS 6.5v1.2.0.8\(8155\)_en2024-05-14

CVE-2024-34946 [MEDIUM] CWE-121 CVE-2024-34946: Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.

nvd

CVE-2024-33215CRITICALCVSS 9.8v1.2.0.8\(8155\)2024-04-23

CVE-2024-33215 [CRITICAL] CWE-121 CVE-2024-33215: Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat.

nvd

CVE-2024-33217HIGHCVSS 7.5v1.2.0.8\(8155\)2024-04-23

CVE-2024-33217 [HIGH] CWE-121 CVE-2024-33217: Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat.

nvd

CVE-2024-33212HIGHCVSS 8.8v1.2.0.8\(8155\)2024-04-23

CVE-2024-33212 [HIGH] CWE-121 CVE-2024-33212: Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm.

nvd

CVE-2024-33211HIGHCVSS 7.3v1.2.0.8\(8155\)2024-04-23

CVE-2024-33211 [HIGH] CWE-121 CVE-2024-33211: Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex.

nvd

CVE-2024-33214HIGHCVSS 7.5v1.2.0.8\(8155\)2024-04-23

CVE-2024-33214 [HIGH] CWE-120 CVE-2024-33214: Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter in ip/goform/RouteStatic.

nvd

CVE-2024-33213MEDIUMCVSS 6.5v1.2.0.8\(8155\)2024-04-23

CVE-2024-33213 [MEDIUM] CWE-121 CVE-2024-33213: Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic.

nvd

CVE-2024-4020HIGHCVSS 8.8v1.2.0.8\(8155\)2024-04-20

CVE-2024-4020 [HIGH] CWE-120 CVE-2024-4020: A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affec A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier

nvd

← Previous2 / 2