EUVD-2026-31639
GHSA-545r-9pqj-cc7g
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.
AnalysisAI
Stack-based buffer overflow in Tenda F1202 router firmware 1.2.0.20(408) allows authenticated remote attackers to corrupt memory via the opttype parameter in the fromPptpUserAdd function at /goform/PptpUserAdd, enabling potential arbitrary code execution with total impact on confidentiality, integrity, and availability. Publicly available exploit code exists (VulDB-referenced PoC on GitHub), though EPSS rates exploitation probability low at 0.05% and the issue is not on CISA KEV.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must have authenticated access to the Tenda F1202 web administration interface (CVSS PR:L - low-privilege credentials sufficient) and network reachability to the /goform/PptpUserAdd endpoint, which by default is exposed only on the LAN side. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 4.0 scores 7.4 (High) with AV:N/AC:L/PR:L/UI:N and high impact on C/I/A of the vulnerable component (VC:H/VI:H/VA:H) but no subsequent-system impact, reflecting compromise limited to the router itself. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privileged web UI credentials (default, reused, or phished) - or a malicious user on the LAN where the admin panel is reachable - sends a crafted HTTP POST to /goform/PptpUserAdd with an oversized opttype value, triggering the stack overflow in fromPptpUserAdd and overwriting the saved return address. The publicly available PoC at github.com/Litengzheng/vuldb_new2 demonstrates the crash primitive, and on typical embedded MIPS/ARM Linux firmware lacking ASLR/NX this is convertible to arbitrary code execution as the web-admin process (commonly root), giving full router takeover, traffic interception, and a pivot into the internal network. |
| Remediation | No vendor-released patch identified at time of analysis - Tenda has not published a fixed firmware build in the referenced data, so contact Tenda support (https://www.tenda.com.cn/) and monitor for an updated 1.2.0.x release that supersedes 1.2.0.20(408). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and catalog all Tenda F1202 routers deployed in your network and confirm their firmware versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today