F1202
Monthly
Stack-based buffer overflow in Tenda F1202 router firmware 1.2.0.20(408) allows authenticated remote attackers to corrupt memory via the opttype parameter in the fromPptpUserAdd function at /goform/PptpUserAdd, enabling potential arbitrary code execution with total impact on confidentiality, integrity, and availability. Publicly available exploit code exists (VulDB-referenced PoC on GitHub), though EPSS rates exploitation probability low at 0.05% and the issue is not on CISA KEV.
Stack-based buffer overflow in the Tenda F1202 router (firmware 1.2.0.20(408)) allows remote attackers to corrupt memory by sending a crafted 'dips' parameter to the formGstDhcpSetSer handler at /goform/GstDhcpSetSer. Publicly available exploit code exists (published via VulDB/GitHub), though EPSS rates real-world exploitation probability very low at 0.05%, and the issue is not listed in CISA KEV.
Stack-based buffer overflow in the Tenda F1202 router (firmware 1.2.0.20(408)) allows remote attackers to corrupt memory by sending a crafted 'delno' parameter to the /goform/WrlExtraSet endpoint handled by the formWrlExtraSet function. Publicly available exploit code exists, though EPSS predicts only a 0.05% exploitation probability (14th percentile), and SSVC classifies the technical impact as total despite the attack not being automatable.
Stack-based buffer overflow in the Tenda F1202 router firmware 1.2.0.20(408) allows authenticated remote attackers to corrupt memory via the delno parameter of the /goform/PPTPUserSetting endpoint handled by fromPPTPUserSetting. Publicly available exploit code exists per VulDB disclosure, though EPSS rates the exploitation probability at only 0.05% (14th percentile) and no public exploit identified at time of analysis appears in CISA KEV. Successful exploitation can compromise confidentiality, integrity, and availability of the device.
Stack-based buffer overflow in Tenda F1202 router firmware 1.2.0.20(408) allows authenticated remote attackers to corrupt memory via the opttype parameter in the fromPptpUserAdd function at /goform/PptpUserAdd, enabling potential arbitrary code execution with total impact on confidentiality, integrity, and availability. Publicly available exploit code exists (VulDB-referenced PoC on GitHub), though EPSS rates exploitation probability low at 0.05% and the issue is not on CISA KEV.
Stack-based buffer overflow in the Tenda F1202 router (firmware 1.2.0.20(408)) allows remote attackers to corrupt memory by sending a crafted 'dips' parameter to the formGstDhcpSetSer handler at /goform/GstDhcpSetSer. Publicly available exploit code exists (published via VulDB/GitHub), though EPSS rates real-world exploitation probability very low at 0.05%, and the issue is not listed in CISA KEV.
Stack-based buffer overflow in the Tenda F1202 router (firmware 1.2.0.20(408)) allows remote attackers to corrupt memory by sending a crafted 'delno' parameter to the /goform/WrlExtraSet endpoint handled by the formWrlExtraSet function. Publicly available exploit code exists, though EPSS predicts only a 0.05% exploitation probability (14th percentile), and SSVC classifies the technical impact as total despite the attack not being automatable.
Stack-based buffer overflow in the Tenda F1202 router firmware 1.2.0.20(408) allows authenticated remote attackers to corrupt memory via the delno parameter of the /goform/PPTPUserSetting endpoint handled by fromPPTPUserSetting. Publicly available exploit code exists per VulDB disclosure, though EPSS rates the exploitation probability at only 0.05% (14th percentile) and no public exploit identified at time of analysis appears in CISA KEV. Successful exploitation can compromise confidentiality, integrity, and availability of the device.