Version 1.2.0.14\(408\)

CVE-2024-32302

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.

MEDIUM CVSS 6.3 Published Apr 17, 2024

CVE-2024-32282

Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.

MEDIUM CVSS 6.3 Published Apr 17, 2024

CVE-2024-30636

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function.

UNKNOWN CVSS 6.5 Published Mar 29, 2024

CVE-2024-30587

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function.

UNKNOWN CVSS 9.8 Published Mar 28, 2024

CVE-2024-30591

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function.

UNKNOWN CVSS 8.8 Published Mar 28, 2024

CVE-2024-30586

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function.

UNKNOWN CVSS 6.5 Published Mar 28, 2024

CVE-2024-30592

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function.

HIGH CVSS 8.0 Published Mar 28, 2024

CVE-2024-30585

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function.

MEDIUM CVSS 6.5 Published Mar 28, 2024

CVE-2024-30594

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function.

UNKNOWN CVSS 6.5 Published Mar 28, 2024

CVE-2024-30583

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function.

HIGH CVSS 8.0 Published Mar 28, 2024

CVE-2024-30588

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function.

MEDIUM CVSS 4.3 Published Mar 28, 2024

CVE-2024-30589

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function.

UNKNOWN CVSS 9.8 Published Mar 28, 2024

CVE-2024-30596

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function.

UNKNOWN CVSS 9.8 Published Mar 28, 2024

CVE-2024-30590

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function.

MEDIUM CVSS 6.5 Published Mar 28, 2024

CVE-2024-2986

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

HIGH CVSS 8.8 Published Mar 27, 2024

CVE-2024-2984

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

HIGH CVSS 8.8 Published Mar 27, 2024

CVE-2024-2982

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

MEDIUM CVSS 5.5 Published Mar 27, 2024

CVE-2024-2981

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

HIGH CVSS 8.8 Published Mar 27, 2024

CVE-2024-2980

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

HIGH CVSS 8.8 Published Mar 27, 2024