
Tenda F1202 CVE-2026-9428
EUVD-2026-31635 · HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-25 · VulDB · GHSA-8c47-56c4-8w57
Score: 7.4 (CVSS 4.0 · NVD)

Severity by source

NVD (primary): 7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD), base metrics from the vector above:

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis generated: Jun 08, 2026 09:31 (vuln.today)
CVSS changed: May 26, 2026 20:07 (NVD), 8.8 (HIGH) → 7.4 (HIGH)

Description (CVE.org)

A vulnerability has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Analysis (AI)

Stack-based buffer overflow in the Tenda F1202 router firmware 1.2.0.20(408) allows authenticated remote attackers to corrupt memory via the delno parameter of the /goform/PPTPUserSetting endpoint handled by fromPPTPUserSetting. Publicly available exploit code exists per the VulDB disclosure, though EPSS rates the exploitation probability at only 0.05% (14th percentile), and the CVE did not appear in CISA KEV at the time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Recon: Identify exposed F1202 admin UI
Delivery: Obtain admin credentials
Exploit: Authenticate to web interface
Install: POST oversized delno to /goform/PPTPUserSetting
C2: Overflow stack buffer in fromPPTPUserSetting
Execute: Hijack control flow on router
Impact: Execute code with admin privileges

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the attacker to (1) reach the device's HTTP management interface, which is trivial on the LAN and only possible from the internet if WAN-side remote management is enabled, and (2) authenticate as an administrative user (CVSS PR:L), so default, weak or leaked credentials or an existing admin session are prerequisites. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 base score of 7.4 (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) reflects network reach, low complexity, and high impact on the device, but PR:L means an attacker must already hold valid administrative credentials, a major practical limiter for an internet-exposed router. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker who has obtained or guessed an administrative login to a Tenda F1202 (for example via default credentials on an internet-exposed device, phishing of an SMB admin, or credential reuse) submits a crafted POST to /goform/PPTPUserSetting with an overlong delno argument. The publicly disclosed proof-of-concept at https://github.com/Litengzheng/vuldb_new2 triggers the stack overflow in fromPPTPUserSetting, crashing the device and, with proper gadget chaining for the embedded architecture, hijacking control flow to execute attacker-supplied code on the router with full administrative privileges.

Remediation: No vendor-released patch identified at time of analysis; Tenda has not published an advisory or fixed firmware build for CVE-2026-9428 in the references provided. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: Inventory all Tenda F1202 routers in production and verify firmware version 1.2.0.20.408; disable remote administrative access and PPTP services if operationally feasible. …
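A defender-side check for the request shape described in the exploit scenario, and for the monitoring that the inventory advice above implies, as an added example (not code from vuln.today, Tenda, or the PoC repository): it parses constructed log lines in an assumed proxy/WAF log format that appends the form body, and flags any request to /goform/PPTPUserSetting whose delno value exceeds a length threshold. The log format, the 32-byte threshold, the second (benign) handler path and the sample addresses are assumptions.

```python
import re
from urllib.parse import parse_qs

# Endpoint and parameter named in the CVE description; the length threshold is
# an assumption (a delete index should be short), not a value from the advisory.
TARGET_PATH = "/goform/PPTPUserSetting"
PARAM = "delno"
MAX_LEN = 32

# Assumed proxy/WAF log format: combined-log prefix, then the quoted form body
# ("-" when absent). Plain access logs usually omit bodies; adapt the regex.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) "(?P<body>[^"]*)"$'
)

def delno_values(target, body):
    """Return every delno value sent to the affected handler, from query string or body."""
    path, _, query = target.partition("?")
    if path != TARGET_PATH:
        return []
    values = []
    for qs in (query, "" if body == "-" else body):
        # parse_qs URL-decodes, so percent-encoded padding is measured at its decoded length
        values += parse_qs(qs, keep_blank_values=True).get(PARAM, [])
    return values

def scan(log_text, max_len=MAX_LEN):
    """Flag requests whose delno argument is longer than max_len; returns alert dicts."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        for value in delno_values(m["target"], m["body"]):
            if len(value) > max_len:
                alerts.append({"src": m["src"], "ts": m["ts"], "len": len(value)})
    return alerts

# Constructed sample lines (RFC 5737 documentation addresses), not captured traffic.
SAMPLE_LOG = "\n".join([
    '192.0.2.10 - - [25/May/2026:10:01:02 +0000] "POST /goform/PPTPUserSetting HTTP/1.1" 200 "delno=3"',
    '192.0.2.10 - - [25/May/2026:10:01:05 +0000] "POST /goform/PPTPUserSetting HTTP/1.1" 200 "delno=' + "A" * 200 + '"',
    '198.51.100.7 - - [25/May/2026:10:02:00 +0000] "GET /goform/PPTPUserSetting?delno=' + "%41" * 64 + ' HTTP/1.1" 200 "-"',
    '192.0.2.10 - - [25/May/2026:10:03:00 +0000] "POST /goform/OtherHandler HTTP/1.1" 200 "delno=' + "A" * 200 + '"',
])

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['src']} delno length {alert['len']} > {MAX_LEN}")
```

The last sample line carries the same oversized value to a different handler and is deliberately not flagged, since the rule is scoped to the affected endpoint.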

