Skip to main content

Tenda F1202 EUVD-2026-31633

| CVE-2026-9430 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-25 VulDB GHSA-rf9r-xx56-f4rm
Tenda Stack Overflow Buffer Overflow F1202
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 08, 2026 - 09:30 vuln.today
CVSS changed
May 26, 2026 - 20:07 NVD
8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A vulnerability was determined in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Stack-based buffer overflow in the Tenda F1202 router (firmware 1.2.0.20(408)) allows remote attackers to corrupt memory by sending a crafted 'dips' parameter to the formGstDhcpSetSer handler at /goform/GstDhcpSetSer. Publicly available exploit code exists (published via VulDB/GitHub), though EPSS rates real-world exploitation probability very low at 0.05%, and the issue is not listed in CISA KEV.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Reach F1202 management interface
Delivery
Authenticate with low-privilege credentials
Exploit
POST oversized 'dips' to /goform/GstDhcpSetSer
Install
Overflow stack buffer in formGstDhcpSetSer
C2
Overwrite saved return address
Execute
Execute shellcode as router process
Impact
Persist for traffic interception or pivot
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the F1202's HTTP management interface (typically TCP/80 on the LAN, or WAN if remote management is enabled) and low-privilege authenticated access to that interface (CVSS PR:L), meaning the attacker must possess valid - even unprivileged - admin-panel credentials before triggering the formGstDhcpSetSer handler at /goform/GstDhcpSetSer with a manipulated 'dips' argument. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H, E:P) produces a 7.4 base score reflecting network reach, low complexity, and high impact across confidentiality, integrity, and availability - but importantly PR:L indicates the attacker must hold at least low-level privileges (likely an authenticated session to the router admin interface). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained low-privilege credentials to the F1202 web interface (e.g., via phishing, default credentials, or LAN foothold) sends a crafted HTTP POST to /goform/GstDhcpSetSer with an oversized 'dips' parameter, overflowing the stack buffer in formGstDhcpSetSer and overwriting the saved return address to redirect execution to attacker-controlled shellcode. Publicly available exploit code on GitHub (Litengzheng/vuldb_new2) lowers the barrier significantly, enabling reliable crash-to-code-execution and ultimately full router takeover for pivoting, traffic interception, or DNS hijacking.
Remediation No vendor-released patch identified at time of analysis - Tenda has not published a fixed firmware build in the referenced advisories (VulDB 365411 and NVD), so administrators should monitor https://www.tenda.com.cn/ for an updated firmware release for the F1202. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24 HOURS: Inventory all Tenda F1202 routers; identify firmware version 1.2.0.20(408); isolate or disconnect affected units from critical network segments. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-31633 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy