Skip to main content

Tenda F1202 EUVD-2026-31635

| CVE-2026-9428 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-25 VulDB GHSA-8c47-56c4-8w57
Tenda Stack Overflow Buffer Overflow F1202
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 08, 2026 - 09:31 vuln.today
CVSS changed
May 26, 2026 - 20:07 NVD
8.8 (HIGH) 7.4 (HIGH)

DescriptionCVE.org

A vulnerability has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

AnalysisAI

Stack-based buffer overflow in the Tenda F1202 router firmware 1.2.0.20(408) allows authenticated remote attackers to corrupt memory via the delno parameter of the /goform/PPTPUserSetting endpoint handled by fromPPTPUserSetting. Publicly available exploit code exists per VulDB disclosure, though EPSS rates the exploitation probability at only 0.05% (14th percentile) and no public exploit identified at time of analysis appears in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify exposed F1202 admin UI
Delivery
Obtain admin credentials
Exploit
Authenticate to web interface
Install
POST oversized delno to /goform/PPTPUserSetting
C2
Overflow stack buffer in fromPPTPUserSetting
Execute
Hijack control flow on router
Impact
Execute code with admin privileges
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to (1) reach the device's HTTP management interface - trivial on LAN, only possible from the internet if WAN-side remote management is enabled, and (2) authenticate as an administrative user (CVSS PR:L), so default/weak/leaked credentials or an existing admin session are prerequisites. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 7.4 (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) reflects network reach, low complexity, and high impact on the device, but PR:L means an attacker must already hold valid administrative credentials - a major practical limiter for an internet-exposed router. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or guessed an administrative login to a Tenda F1202 - for example via default credentials on an internet-exposed device, phishing of an SMB admin, or credential reuse - submits a crafted POST to /goform/PPTPUserSetting with an overlong delno argument. The publicly disclosed proof-of-concept at https://github.com/Litengzheng/vuldb_new2 triggers the stack overflow in fromPPTPUserSetting, crashing the device and, with proper gadget chaining for the embedded architecture, hijacking control flow to execute attacker-supplied code on the router with full administrative privileges.
Remediation No vendor-released patch identified at time of analysis - Tenda has not published an advisory or fixed firmware build for CVE-2026-9428 in the references provided. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all Tenda F1202 routers in production and verify firmware version 1.2.0.20.408; disable remote administrative access and PPTP services if operationally feasible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-31635 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy