Fh1201 Firmware
Monthly
CVE-2025-7551 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit improper input validation in the modino/username parameters to overflow the stack, achieving code execution with high confidentiality, integrity, and availability impact. A public proof-of-concept exists and the vulnerability may be actively exploited.
CVE-2025-7550 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated remote attacker can exploit the 'dips' parameter to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exists, and the vulnerability exhibits active exploitation characteristics with a CVSS score of 8.8.
CVE-2025-7549 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the L7Prot form handler. An authenticated remote attacker can exploit the 'page' parameter to overflow the stack, achieving complete compromise of the device with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be considered actively exploitable.
CVE-2025-7548 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 wireless router firmware version 1.2.0.14(408) affecting the SafeEmailFilter function. An authenticated remote attacker can exploit an improper bounds check on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code exists for this vulnerability, elevating real-world risk significantly.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
CVE-2025-7465 is a critical remote buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14 affecting the HTTP POST request handler's fromRouteStatic function. An authenticated attacker can exploit improper input validation on the 'page' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exploit exists and the vulnerability may be actively exploited in the wild.
A critical buffer overflow vulnerability exists in Tenda FH1201 wireless router firmware version 1.2.0.14, located in the HTTP POST handler for wireless safety settings. An authenticated attacker can remotely exploit this vulnerability by sending a crafted request with an oversized 'mit_ssid' parameter to the /goform/AdvSetWrlsafeset endpoint, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit is available, and this vulnerability meets CISA KEV criteria for active exploitation in the wild.
Critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/SafeMacFilter endpoint. An authenticated remote attacker can exploit the 'page' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code exists and the vulnerability is actively exploitable.
CVE-2025-7551 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit improper input validation in the modino/username parameters to overflow the stack, achieving code execution with high confidentiality, integrity, and availability impact. A public proof-of-concept exists and the vulnerability may be actively exploited.
CVE-2025-7550 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated remote attacker can exploit the 'dips' parameter to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exists, and the vulnerability exhibits active exploitation characteristics with a CVSS score of 8.8.
CVE-2025-7549 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the L7Prot form handler. An authenticated remote attacker can exploit the 'page' parameter to overflow the stack, achieving complete compromise of the device with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be considered actively exploitable.
CVE-2025-7548 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 wireless router firmware version 1.2.0.14(408) affecting the SafeEmailFilter function. An authenticated remote attacker can exploit an improper bounds check on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code exists for this vulnerability, elevating real-world risk significantly.
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
CVE-2025-7465 is a critical remote buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14 affecting the HTTP POST request handler's fromRouteStatic function. An authenticated attacker can exploit improper input validation on the 'page' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exploit exists and the vulnerability may be actively exploited in the wild.
A critical buffer overflow vulnerability exists in Tenda FH1201 wireless router firmware version 1.2.0.14, located in the HTTP POST handler for wireless safety settings. An authenticated attacker can remotely exploit this vulnerability by sending a crafted request with an oversized 'mit_ssid' parameter to the /goform/AdvSetWrlsafeset endpoint, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit is available, and this vulnerability meets CISA KEV criteria for active exploitation in the wild.
Critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/SafeMacFilter endpoint. An authenticated remote attacker can exploit the 'page' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code exists and the vulnerability is actively exploitable.