Search

Find a vulnerability

Search criteria

    126 vulnerabilities found for fh1202_firmware by tenda

    CVE-2026-7035 (GCVE-0-2026-7035)

    Vulnerability from nvd – Published: 2026-04-26 11:15 – Updated: 2026-04-27 13:10
    VLAI
    Title
    Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow
    Summary
    A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    LtzHuster (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7035",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T13:10:51.185092Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T13:10:58.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "httpd"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LtzHuster (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-26T11:15:11.839Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-359615 | Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/359615"
            },
            {
              "name": "VDB-359615 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/359615/cti"
            },
            {
              "name": "Submit #798477 | Tenda FH1202 1.2.0.14(408) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/798477"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Litengzheng/vuldb_new/blob/main/FH1202/vul_20/README.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-25T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-25T18:00:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7035",
        "datePublished": "2026-04-26T11:15:11.839Z",
        "dateReserved": "2026-04-25T14:22:57.920Z",
        "dateUpdated": "2026-04-27T13:10:58.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7034 (GCVE-0-2026-7034)

    Vulnerability from nvd – Published: 2026-04-26 11:00 – Updated: 2026-04-27 12:47
    VLAI
    Title
    Tenda FH1202 httpd WrlExtraSet stack-based overflow
    Summary
    A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    LtzHuster (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7034",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T12:47:36.432745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T12:47:47.994Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "httpd"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LtzHuster (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-26T11:00:20.772Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-359614 | Tenda FH1202 httpd WrlExtraSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/359614"
            },
            {
              "name": "VDB-359614 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/359614/cti"
            },
            {
              "name": "Submit #798476 | Tenda FH1202 1.2.0.14(408) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/798476"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Litengzheng/vuldb_new/blob/main/FH1202/vul_19/README.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-25T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-25T16:28:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 httpd WrlExtraSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7034",
        "datePublished": "2026-04-26T11:00:20.772Z",
        "dateReserved": "2026-04-25T14:22:54.448Z",
        "dateUpdated": "2026-04-27T12:47:47.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3811 (GCVE-0-2026-3811)

    Vulnerability from nvd – Published: 2026-03-09 08:32 – Updated: 2026-03-09 18:16
    VLAI
    Title
    Tenda FH1202 P2pListFilter fromP2pListFilter stack-based overflow
    Summary
    A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349777 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349777 signaturepermissions-required
    https://vuldb.com/?submit.769041 third-party-advisory
    https://github.com/Svigo-o/Tenda_vul/tree/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    m202572177 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3811",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T18:15:59.458401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T18:16:40.169Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "m202572177 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:32:09.124Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349777 | Tenda FH1202 P2pListFilter fromP2pListFilter stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349777"
            },
            {
              "name": "VDB-349777 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349777"
            },
            {
              "name": "Submit #769041 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769041"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-p2plistfilter-page-buffer-overflow"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T17:28:20.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 P2pListFilter fromP2pListFilter stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3811",
        "datePublished": "2026-03-09T08:32:09.124Z",
        "dateReserved": "2026-03-08T16:22:56.760Z",
        "dateUpdated": "2026-03-09T18:16:40.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3810 (GCVE-0-2026-3810)

    Vulnerability from nvd – Published: 2026-03-09 08:02 – Updated: 2026-03-10 16:05
    VLAI
    Title
    Tenda FH1202 DhcpListClient fromDhcpListClient stack-based overflow
    Summary
    A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349776 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349776 signaturepermissions-required
    https://vuldb.com/?submit.769040 third-party-advisory
    https://github.com/Svigo-o/Tenda_vul/tree/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    m202572177 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3810",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T16:04:58.189848Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:05:06.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "m202572177 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:02:09.919Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349776 | Tenda FH1202 DhcpListClient fromDhcpListClient stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349776"
            },
            {
              "name": "VDB-349776 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349776"
            },
            {
              "name": "Submit #769040 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769040"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-dhcplistclient-page-buffer-overflow"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T17:28:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 DhcpListClient fromDhcpListClient stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3810",
        "datePublished": "2026-03-09T08:02:09.919Z",
        "dateReserved": "2026-03-08T16:22:52.352Z",
        "dateUpdated": "2026-03-10T16:05:06.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3809 (GCVE-0-2026-3809)

    Vulnerability from nvd – Published: 2026-03-09 07:32 – Updated: 2026-03-10 15:32
    VLAI
    Title
    Tenda FH1202 NatSaticSetting fromNatStaticSetting stack-based overflow
    Summary
    A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349775 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349775 signaturepermissions-required
    https://vuldb.com/?submit.769039 third-party-advisory
    https://github.com/Svigo-o/Tenda_vul/tree/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    m202572177 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3809",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:31:14.657786Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T15:32:15.234Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "m202572177 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T07:32:11.491Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349775 | Tenda FH1202 NatSaticSetting fromNatStaticSetting stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349775"
            },
            {
              "name": "VDB-349775 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349775"
            },
            {
              "name": "Submit #769039 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769039"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-natsaticsetting-page-buffer-overflow"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T17:28:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 NatSaticSetting fromNatStaticSetting stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3809",
        "datePublished": "2026-03-09T07:32:11.491Z",
        "dateReserved": "2026-03-08T16:22:48.509Z",
        "dateUpdated": "2026-03-10T15:32:15.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3808 (GCVE-0-2026-3808)

    Vulnerability from nvd – Published: 2026-03-09 07:02 – Updated: 2026-03-10 15:38
    VLAI
    Title
    Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow
    Summary
    A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349774 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349774 signaturepermissions-required
    https://vuldb.com/?submit.769023 third-party-advisory
    https://github.com/Svigo-o/Tenda_vul/tree/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Manner814 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3808",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:34:48.440675Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T15:38:14.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Manner814 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T07:02:08.736Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349774 | Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349774"
            },
            {
              "name": "VDB-349774 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349774"
            },
            {
              "name": "Submit #769023 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769023"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-webtypelibrary-websiteid-buffer-overflow"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T17:28:12.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3808",
        "datePublished": "2026-03-09T07:02:08.736Z",
        "dateReserved": "2026-03-08T16:22:45.108Z",
        "dateUpdated": "2026-03-10T15:38:14.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3807 (GCVE-0-2026-3807)

    Vulnerability from nvd – Published: 2026-03-09 06:32 – Updated: 2026-03-10 15:44
    VLAI
    Title
    Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow
    Summary
    A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349773 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349773 signaturepermissions-required
    https://vuldb.com/?submit.769019 third-party-advisory
    https://vuldb.com/?submit.769020 third-party-advisory
    https://github.com/Svigo-o/Tenda_vul/tree/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fan95 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3807",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:44:02.273541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T15:44:51.033Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fan95 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T06:32:08.531Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349773 | Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349773"
            },
            {
              "name": "VDB-349773 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349773"
            },
            {
              "name": "Submit #769019 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769019"
            },
            {
              "name": "Submit #769020 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769020"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-advsetwrlsafeset-mit-ssid-buffer-overflow"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T17:28:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3807",
        "datePublished": "2026-03-09T06:32:08.531Z",
        "dateReserved": "2026-03-08T16:22:36.756Z",
        "dateUpdated": "2026-03-10T15:44:51.033Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7532 (GCVE-0-2025-7532)

    Vulnerability from nvd – Published: 2025-07-13 16:02 – Updated: 2025-07-14 16:05
    VLAI
    Title
    Tenda FH1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow
    Summary
    A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316228 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316228 signaturepermissions-required
    https://vuldb.com/?submit.612958 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7532",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:05:37.210129Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-14T16:05:45.515Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromwebExcptypemanFilter.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda FH1202 1.2.0.14(408) wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion fromwebExcptypemanFilter der Datei /goform/webExcptypemanFilter. Dank der Manipulation des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T16:02:08.791Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316228 | Tenda FH1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316228"
            },
            {
              "name": "VDB-316228 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316228"
            },
            {
              "name": "Submit #612958 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612958"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromwebExcptypemanFilter.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:34:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7532",
        "datePublished": "2025-07-13T16:02:08.791Z",
        "dateReserved": "2025-07-12T11:28:45.331Z",
        "dateUpdated": "2025-07-14T16:05:45.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7531 (GCVE-0-2025-7531)

    Vulnerability from nvd – Published: 2025-07-13 15:32 – Updated: 2025-07-14 16:06
    VLAI
    Title
    Tenda FH1202 PPTPUserSetting fromPptpUserSetting stack-based overflow
    Summary
    A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316227 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316227 signaturepermissions-required
    https://vuldb.com/?submit.612957 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7531",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:06:15.761000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-14T16:06:18.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserSetting.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) gefunden. Es geht dabei um die Funktion fromPptpUserSetting der Datei /goform/PPTPUserSetting. Durch Beeinflussen des Arguments delno mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T15:32:06.988Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316227 | Tenda FH1202 PPTPUserSetting fromPptpUserSetting stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316227"
            },
            {
              "name": "VDB-316227 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316227"
            },
            {
              "name": "Submit #612957 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612957"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserSetting.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:33:58.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 PPTPUserSetting fromPptpUserSetting stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7531",
        "datePublished": "2025-07-13T15:32:06.988Z",
        "dateReserved": "2025-07-12T11:28:42.196Z",
        "dateUpdated": "2025-07-14T16:06:18.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7530 (GCVE-0-2025-7530)

    Vulnerability from nvd – Published: 2025-07-13 15:02 – Updated: 2025-07-14 16:02
    VLAI
    Title
    Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow
    Summary
    A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316226 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316226 signaturepermissions-required
    https://vuldb.com/?submit.612956 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7530",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:02:41.911215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-14T16:02:45.450Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserAdd.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) entdeckt. Es geht hierbei um die Funktion fromPptpUserAdd der Datei /goform/PPTPDClient. Durch das Beeinflussen des Arguments Username mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T15:02:07.201Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316226 | Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316226"
            },
            {
              "name": "VDB-316226 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316226"
            },
            {
              "name": "Submit #612956 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612956"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserAdd.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:33:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7530",
        "datePublished": "2025-07-13T15:02:07.201Z",
        "dateReserved": "2025-07-12T11:28:39.271Z",
        "dateUpdated": "2025-07-14T16:02:45.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7529 (GCVE-0-2025-7529)

    Vulnerability from nvd – Published: 2025-07-13 12:02 – Updated: 2025-07-14 16:06
    VLAI
    Title
    Tenda FH1202 Natlimit fromNatlimit stack-based overflow
    Summary
    A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316225 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316225 signaturepermissions-required
    https://vuldb.com/?submit.612955 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7529",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:06:48.256565Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-14T16:06:51.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromNatlimit.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda FH1202 1.2.0.14(408) wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion fromNatlimit der Datei /goform/Natlimit. Durch Manipulieren des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T12:02:06.294Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316225 | Tenda FH1202 Natlimit fromNatlimit stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316225"
            },
            {
              "name": "VDB-316225 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316225"
            },
            {
              "name": "Submit #612955 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612955"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromNatlimit.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:33:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 Natlimit fromNatlimit stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7529",
        "datePublished": "2025-07-13T12:02:06.294Z",
        "dateReserved": "2025-07-12T11:28:36.206Z",
        "dateUpdated": "2025-07-14T16:06:51.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7528 (GCVE-0-2025-7528)

    Vulnerability from nvd – Published: 2025-07-13 11:32 – Updated: 2025-07-15 19:53
    VLAI
    Title
    Tenda FH1202 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow
    Summary
    A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316224 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316224 signaturepermissions-required
    https://vuldb.com/?submit.612948 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7528",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:44:15.065520Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T19:53:48.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromGstDhcpSetSer.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) entdeckt. Betroffen hiervon ist die Funktion fromGstDhcpSetSer der Datei /goform/GstDhcpSetSer. Durch das Manipulieren des Arguments dips mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T11:32:06.765Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316224 | Tenda FH1202 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316224"
            },
            {
              "name": "VDB-316224 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316224"
            },
            {
              "name": "Submit #612948 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612948"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromGstDhcpSetSer.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:33:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7528",
        "datePublished": "2025-07-13T11:32:06.765Z",
        "dateReserved": "2025-07-12T11:28:33.573Z",
        "dateUpdated": "2025-07-15T19:53:48.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7527 (GCVE-0-2025-7527)

    Vulnerability from nvd – Published: 2025-07-13 10:32 – Updated: 2025-07-15 19:53
    VLAI
    Title
    Tenda FH1202 AdvSetWan fromAdvSetWan stack-based overflow
    Summary
    A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316223 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316223 signaturepermissions-required
    https://vuldb.com/?submit.612941 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7527",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:44:20.267791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T19:53:55.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromAdvSetWan.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion fromAdvSetWan der Datei /goform/AdvSetWan. Mittels Manipulieren des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T10:32:07.306Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316223 | Tenda FH1202 AdvSetWan fromAdvSetWan stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316223"
            },
            {
              "name": "VDB-316223 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316223"
            },
            {
              "name": "Submit #612941 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612941"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromAdvSetWan.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:33:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 AdvSetWan fromAdvSetWan stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7527",
        "datePublished": "2025-07-13T10:32:07.306Z",
        "dateReserved": "2025-07-12T11:28:30.697Z",
        "dateUpdated": "2025-07-15T19:53:55.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-5978 (GCVE-0-2025-5978)

    Vulnerability from nvd – Published: 2025-06-10 20:31 – Updated: 2025-06-11 13:48
    VLAI
    Title
    Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow
    Summary
    A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14
    Create a notification for this product.
    Credits
    yhryhryhr_miemie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5978",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T13:47:20.858863Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T13:48:26.258Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-fromVirtualSer-20b53a41781f80b7a6c7e727f93d7d9f"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yhryhryhr_miemie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14 ausgemacht. Hiervon betroffen ist die Funktion fromVirtualSer der Datei /goform/VirtualSer. Mittels Manipulieren des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T20:31:07.787Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-311856 | Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.311856"
            },
            {
              "name": "VDB-311856 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.311856"
            },
            {
              "name": "Submit #592462 | Tenda FH1202 FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.592462"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-fromVirtualSer-20b53a41781f80b7a6c7e727f93d7d9f?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-10T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-10T13:53:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-5978",
        "datePublished": "2025-06-10T20:31:07.787Z",
        "dateReserved": "2025-06-10T11:48:44.341Z",
        "dateUpdated": "2025-06-11T13:48:26.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3237 (GCVE-0-2025-3237)

    Vulnerability from nvd – Published: 2025-04-04 10:00 – Updated: 2025-04-04 12:51
    VLAI
    Title
    Tenda FH1202 wrlwpsset access control
    Summary
    A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    yhryhryhr_miemie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3237",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T12:50:20.391141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T12:51:04.521Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yhryhryhr_miemie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /goform/wrlwpsset. Durch Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T10:00:15.289Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-303263 | Tenda FH1202 wrlwpsset access control",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.303263"
            },
            {
              "name": "VDB-303263 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.303263"
            },
            {
              "name": "Submit #546368 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.546368"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-wrlwpsset-1bc53a41781f80aeb9a6de676fe25e6d?pvs=4"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-03T20:55:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 wrlwpsset access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3237",
        "datePublished": "2025-04-04T10:00:15.289Z",
        "dateReserved": "2025-04-03T18:50:07.033Z",
        "dateUpdated": "2025-04-04T12:51:04.521Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3236 (GCVE-0-2025-3236)

    Vulnerability from nvd – Published: 2025-04-04 09:31 – Updated: 2025-04-04 14:27
    VLAI
    Title
    Tenda FH1202 Web Management Interface VirSerDMZ access control
    Summary
    A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3236",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:27:28.286078Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:27:44.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Web Management Interface"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda FH1202 1.2.0.14(408) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /goform/VirSerDMZ der Komponente Web Management Interface. Durch die Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T09:31:13.572Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-303262 | Tenda FH1202 Web Management Interface VirSerDMZ access control",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.303262"
            },
            {
              "name": "VDB-303262 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.303262"
            },
            {
              "name": "Submit #546367 | Tenda FH1202 V1.2.0.14(408) Improper Access Controls",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.546367"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-VirSerDMZ-1bc53a41781f809b9e6cdd60fe4e428c?pvs=4"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-03T20:55:11.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 Web Management Interface VirSerDMZ access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3236",
        "datePublished": "2025-04-04T09:31:13.572Z",
        "dateReserved": "2025-04-03T18:50:04.697Z",
        "dateUpdated": "2025-04-04T14:27:44.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-7035 (GCVE-0-2026-7035)

    Vulnerability from cvelistv5 – Published: 2026-04-26 11:15 – Updated: 2026-04-27 13:10
    VLAI
    Title
    Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow
    Summary
    A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    LtzHuster (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7035",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T13:10:51.185092Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T13:10:58.801Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "httpd"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LtzHuster (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-26T11:15:11.839Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-359615 | Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/359615"
            },
            {
              "name": "VDB-359615 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/359615/cti"
            },
            {
              "name": "Submit #798477 | Tenda FH1202 1.2.0.14(408) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/798477"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Litengzheng/vuldb_new/blob/main/FH1202/vul_20/README.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-25T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-25T18:00:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 httpd WrlclientSet fromWrlclientSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7035",
        "datePublished": "2026-04-26T11:15:11.839Z",
        "dateReserved": "2026-04-25T14:22:57.920Z",
        "dateUpdated": "2026-04-27T13:10:58.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7034 (GCVE-0-2026-7034)

    Vulnerability from cvelistv5 – Published: 2026-04-26 11:00 – Updated: 2026-04-27 12:47
    VLAI
    Title
    Tenda FH1202 httpd WrlExtraSet stack-based overflow
    Summary
    A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    LtzHuster (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7034",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T12:47:36.432745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T12:47:47.994Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "httpd"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LtzHuster (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-26T11:00:20.772Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-359614 | Tenda FH1202 httpd WrlExtraSet stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/359614"
            },
            {
              "name": "VDB-359614 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/359614/cti"
            },
            {
              "name": "Submit #798476 | Tenda FH1202 1.2.0.14(408) Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/798476"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Litengzheng/vuldb_new/blob/main/FH1202/vul_19/README.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-25T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-25T16:28:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 httpd WrlExtraSet stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7034",
        "datePublished": "2026-04-26T11:00:20.772Z",
        "dateReserved": "2026-04-25T14:22:54.448Z",
        "dateUpdated": "2026-04-27T12:47:47.994Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3811 (GCVE-0-2026-3811)

    Vulnerability from cvelistv5 – Published: 2026-03-09 08:32 – Updated: 2026-03-09 18:16
    VLAI
    Title
    Tenda FH1202 P2pListFilter fromP2pListFilter stack-based overflow
    Summary
    A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349777 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349777 signaturepermissions-required
    https://vuldb.com/?submit.769041 third-party-advisory
    https://github.com/Svigo-o/Tenda_vul/tree/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    m202572177 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3811",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-09T18:15:59.458401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-09T18:16:40.169Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "m202572177 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:32:09.124Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349777 | Tenda FH1202 P2pListFilter fromP2pListFilter stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349777"
            },
            {
              "name": "VDB-349777 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349777"
            },
            {
              "name": "Submit #769041 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769041"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-p2plistfilter-page-buffer-overflow"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T17:28:20.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 P2pListFilter fromP2pListFilter stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3811",
        "datePublished": "2026-03-09T08:32:09.124Z",
        "dateReserved": "2026-03-08T16:22:56.760Z",
        "dateUpdated": "2026-03-09T18:16:40.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3810 (GCVE-0-2026-3810)

    Vulnerability from cvelistv5 – Published: 2026-03-09 08:02 – Updated: 2026-03-10 16:05
    VLAI
    Title
    Tenda FH1202 DhcpListClient fromDhcpListClient stack-based overflow
    Summary
    A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349776 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349776 signaturepermissions-required
    https://vuldb.com/?submit.769040 third-party-advisory
    https://github.com/Svigo-o/Tenda_vul/tree/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    m202572177 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3810",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T16:04:58.189848Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T16:05:06.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "m202572177 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T08:02:09.919Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349776 | Tenda FH1202 DhcpListClient fromDhcpListClient stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349776"
            },
            {
              "name": "VDB-349776 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349776"
            },
            {
              "name": "Submit #769040 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769040"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-dhcplistclient-page-buffer-overflow"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T17:28:19.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 DhcpListClient fromDhcpListClient stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3810",
        "datePublished": "2026-03-09T08:02:09.919Z",
        "dateReserved": "2026-03-08T16:22:52.352Z",
        "dateUpdated": "2026-03-10T16:05:06.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3809 (GCVE-0-2026-3809)

    Vulnerability from cvelistv5 – Published: 2026-03-09 07:32 – Updated: 2026-03-10 15:32
    VLAI
    Title
    Tenda FH1202 NatSaticSetting fromNatStaticSetting stack-based overflow
    Summary
    A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349775 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349775 signaturepermissions-required
    https://vuldb.com/?submit.769039 third-party-advisory
    https://github.com/Svigo-o/Tenda_vul/tree/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    m202572177 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3809",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:31:14.657786Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T15:32:15.234Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "m202572177 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T07:32:11.491Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349775 | Tenda FH1202 NatSaticSetting fromNatStaticSetting stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349775"
            },
            {
              "name": "VDB-349775 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349775"
            },
            {
              "name": "Submit #769039 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769039"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-natsaticsetting-page-buffer-overflow"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T17:28:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 NatSaticSetting fromNatStaticSetting stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3809",
        "datePublished": "2026-03-09T07:32:11.491Z",
        "dateReserved": "2026-03-08T16:22:48.509Z",
        "dateUpdated": "2026-03-10T15:32:15.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3808 (GCVE-0-2026-3808)

    Vulnerability from cvelistv5 – Published: 2026-03-09 07:02 – Updated: 2026-03-10 15:38
    VLAI
    Title
    Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow
    Summary
    A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349774 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349774 signaturepermissions-required
    https://vuldb.com/?submit.769023 third-party-advisory
    https://github.com/Svigo-o/Tenda_vul/tree/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Manner814 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3808",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:34:48.440675Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T15:38:14.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Manner814 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T07:02:08.736Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349774 | Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349774"
            },
            {
              "name": "VDB-349774 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349774"
            },
            {
              "name": "Submit #769023 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769023"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-webtypelibrary-websiteid-buffer-overflow"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T17:28:12.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3808",
        "datePublished": "2026-03-09T07:02:08.736Z",
        "dateReserved": "2026-03-08T16:22:45.108Z",
        "dateUpdated": "2026-03-10T15:38:14.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3807 (GCVE-0-2026-3807)

    Vulnerability from cvelistv5 – Published: 2026-03-09 06:32 – Updated: 2026-03-10 15:44
    VLAI
    Title
    Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow
    Summary
    A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349773 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349773 signaturepermissions-required
    https://vuldb.com/?submit.769019 third-party-advisory
    https://vuldb.com/?submit.769020 third-party-advisory
    https://github.com/Svigo-o/Tenda_vul/tree/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
        cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fan95 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3807",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T15:44:02.273541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T15:44:51.033Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:fh1202_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fan95 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T06:32:08.531Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349773 | Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349773"
            },
            {
              "name": "VDB-349773 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349773"
            },
            {
              "name": "Submit #769019 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769019"
            },
            {
              "name": "Submit #769020 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.769020"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Svigo-o/Tenda_vul/tree/main/tenda-fh1202-advsetwrlsafeset-mit-ssid-buffer-overflow"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T17:28:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3807",
        "datePublished": "2026-03-09T06:32:08.531Z",
        "dateReserved": "2026-03-08T16:22:36.756Z",
        "dateUpdated": "2026-03-10T15:44:51.033Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7532 (GCVE-0-2025-7532)

    Vulnerability from cvelistv5 – Published: 2025-07-13 16:02 – Updated: 2025-07-14 16:05
    VLAI
    Title
    Tenda FH1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow
    Summary
    A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316228 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316228 signaturepermissions-required
    https://vuldb.com/?submit.612958 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7532",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:05:37.210129Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-14T16:05:45.515Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromwebExcptypemanFilter.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda FH1202 1.2.0.14(408) wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion fromwebExcptypemanFilter der Datei /goform/webExcptypemanFilter. Dank der Manipulation des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T16:02:08.791Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316228 | Tenda FH1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316228"
            },
            {
              "name": "VDB-316228 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316228"
            },
            {
              "name": "Submit #612958 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612958"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromwebExcptypemanFilter.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:34:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7532",
        "datePublished": "2025-07-13T16:02:08.791Z",
        "dateReserved": "2025-07-12T11:28:45.331Z",
        "dateUpdated": "2025-07-14T16:05:45.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7531 (GCVE-0-2025-7531)

    Vulnerability from cvelistv5 – Published: 2025-07-13 15:32 – Updated: 2025-07-14 16:06
    VLAI
    Title
    Tenda FH1202 PPTPUserSetting fromPptpUserSetting stack-based overflow
    Summary
    A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316227 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316227 signaturepermissions-required
    https://vuldb.com/?submit.612957 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7531",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:06:15.761000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-14T16:06:18.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserSetting.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) gefunden. Es geht dabei um die Funktion fromPptpUserSetting der Datei /goform/PPTPUserSetting. Durch Beeinflussen des Arguments delno mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T15:32:06.988Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316227 | Tenda FH1202 PPTPUserSetting fromPptpUserSetting stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316227"
            },
            {
              "name": "VDB-316227 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316227"
            },
            {
              "name": "Submit #612957 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612957"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserSetting.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:33:58.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 PPTPUserSetting fromPptpUserSetting stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7531",
        "datePublished": "2025-07-13T15:32:06.988Z",
        "dateReserved": "2025-07-12T11:28:42.196Z",
        "dateUpdated": "2025-07-14T16:06:18.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7530 (GCVE-0-2025-7530)

    Vulnerability from cvelistv5 – Published: 2025-07-13 15:02 – Updated: 2025-07-14 16:02
    VLAI
    Title
    Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow
    Summary
    A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316226 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316226 signaturepermissions-required
    https://vuldb.com/?submit.612956 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7530",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:02:41.911215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-14T16:02:45.450Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserAdd.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) entdeckt. Es geht hierbei um die Funktion fromPptpUserAdd der Datei /goform/PPTPDClient. Durch das Beeinflussen des Arguments Username mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T15:02:07.201Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316226 | Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316226"
            },
            {
              "name": "VDB-316226 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316226"
            },
            {
              "name": "Submit #612956 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612956"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromPptpUserAdd.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:33:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7530",
        "datePublished": "2025-07-13T15:02:07.201Z",
        "dateReserved": "2025-07-12T11:28:39.271Z",
        "dateUpdated": "2025-07-14T16:02:45.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7529 (GCVE-0-2025-7529)

    Vulnerability from cvelistv5 – Published: 2025-07-13 12:02 – Updated: 2025-07-14 16:06
    VLAI
    Title
    Tenda FH1202 Natlimit fromNatlimit stack-based overflow
    Summary
    A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316225 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316225 signaturepermissions-required
    https://vuldb.com/?submit.612955 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7529",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:06:48.256565Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-14T16:06:51.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromNatlimit.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda FH1202 1.2.0.14(408) wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion fromNatlimit der Datei /goform/Natlimit. Durch Manipulieren des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T12:02:06.294Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316225 | Tenda FH1202 Natlimit fromNatlimit stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316225"
            },
            {
              "name": "VDB-316225 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316225"
            },
            {
              "name": "Submit #612955 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612955"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromNatlimit.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:33:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 Natlimit fromNatlimit stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7529",
        "datePublished": "2025-07-13T12:02:06.294Z",
        "dateReserved": "2025-07-12T11:28:36.206Z",
        "dateUpdated": "2025-07-14T16:06:51.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7528 (GCVE-0-2025-7528)

    Vulnerability from cvelistv5 – Published: 2025-07-13 11:32 – Updated: 2025-07-15 19:53
    VLAI
    Title
    Tenda FH1202 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow
    Summary
    A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316224 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316224 signaturepermissions-required
    https://vuldb.com/?submit.612948 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7528",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:44:15.065520Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T19:53:48.069Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromGstDhcpSetSer.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) entdeckt. Betroffen hiervon ist die Funktion fromGstDhcpSetSer der Datei /goform/GstDhcpSetSer. Durch das Manipulieren des Arguments dips mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T11:32:06.765Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316224 | Tenda FH1202 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316224"
            },
            {
              "name": "VDB-316224 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316224"
            },
            {
              "name": "Submit #612948 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612948"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromGstDhcpSetSer.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:33:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7528",
        "datePublished": "2025-07-13T11:32:06.765Z",
        "dateReserved": "2025-07-12T11:28:33.573Z",
        "dateUpdated": "2025-07-15T19:53:48.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7527 (GCVE-0-2025-7527)

    Vulnerability from cvelistv5 – Published: 2025-07-13 10:32 – Updated: 2025-07-15 19:53
    VLAI
    Title
    Tenda FH1202 AdvSetWan fromAdvSetWan stack-based overflow
    Summary
    A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316223 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316223 signaturepermissions-required
    https://vuldb.com/?submit.612941 third-party-advisory
    https://github.com/panda666-888/vuls/blob/main/te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14(408)
    Create a notification for this product.
    Credits
    panda_0x1 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7527",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:44:20.267791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T19:53:55.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromAdvSetWan.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14(408)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion fromAdvSetWan der Datei /goform/AdvSetWan. Mittels Manipulieren des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T10:32:07.306Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316223 | Tenda FH1202 AdvSetWan fromAdvSetWan stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316223"
            },
            {
              "name": "VDB-316223 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316223"
            },
            {
              "name": "Submit #612941 | Tenda FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.612941"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/fh1202/fromAdvSetWan.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T13:33:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 AdvSetWan fromAdvSetWan stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7527",
        "datePublished": "2025-07-13T10:32:07.306Z",
        "dateReserved": "2025-07-12T11:28:30.697Z",
        "dateUpdated": "2025-07-15T19:53:55.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-5978 (GCVE-0-2025-5978)

    Vulnerability from cvelistv5 – Published: 2025-06-10 20:31 – Updated: 2025-06-11 13:48
    VLAI
    Title
    Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow
    Summary
    A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Tenda FH1202 Affected: 1.2.0.14
    Create a notification for this product.
    Credits
    yhryhryhr_miemie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5978",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T13:47:20.858863Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T13:48:26.258Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-fromVirtualSer-20b53a41781f80b7a6c7e727f93d7d9f"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FH1202",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yhryhryhr_miemie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14 ausgemacht. Hiervon betroffen ist die Funktion fromVirtualSer der Datei /goform/VirtualSer. Mittels Manipulieren des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T20:31:07.787Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-311856 | Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.311856"
            },
            {
              "name": "VDB-311856 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.311856"
            },
            {
              "name": "Submit #592462 | Tenda FH1202 FH1202 V1.2.0.14(408) Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.592462"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-fromVirtualSer-20b53a41781f80b7a6c7e727f93d7d9f?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-10T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-10T13:53:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda FH1202 VirtualSer fromVirtualSer stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-5978",
        "datePublished": "2025-06-10T20:31:07.787Z",
        "dateReserved": "2025-06-10T11:48:44.341Z",
        "dateUpdated": "2025-06-11T13:48:26.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }