Primary

Context

Tenda FH1202 Improper Access Control Vulnerability in Web Management Interface

Vulnerability

A critical vulnerability has been identified in the Tenda FH1202 router, specifically in version 1.2.0.14(408). This vulnerability resides within the web management interface, particularly in the '/goform/AdvSetWrl' file. It involves improper access controls, allowing unauthorized users to manipulate advanced settings of the device. The vulnerability can be exploited remotely without any authentication.

Impact

Exploitation of this vulnerability allows for unauthorized modification of the device's advanced settings, potentially leading to misconfiguration or other security issues.

Reproduction

To reproduce this vulnerability, send an unauthenticated HTTP POST request to the '/goform/AdvSetWrl' endpoint. The request must be crafted to exploit the improper access control, allowing the attacker to change advanced settings on the device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda FH1202 Improper Access Control Vulnerability in Web Management Interface

Vulnerability

Impact

Reproduction

Affected Products

Tenda FH1202

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating