Tenda FH1202
cpe:2.3:h:tenda:fh1202:*:*:*:*:*:*:*
- 1.2.0.14(408)
A critical improper access control vulnerability has been identified in the Tenda FH1202 router, specifically in version 1.2.0.14(408). The issue resides in the web management interface, within an unknown function of the file '/goform/AdvSetWrlmacfilter'. This vulnerability allows unauthorized users to manipulate MAC filter settings by sending a specially crafted HTTP POST request. The vulnerability can be exploited remotely without authentication, posing a significant risk to the device's integrity.
Exploitation of this vulnerability allows for unauthorized modification of the device's MAC filter settings, potentially leading to unauthorized network access or disruption of network services.
To reproduce this vulnerability, send an unauthenticated HTTP POST request to the '/goform/AdvSetWrlmacfilter' endpoint. Include the desired MAC filter settings in the request. The absence of proper access controls will allow the modification of MAC filter settings on the device.
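For detection, the following added example (not part of the original advisory or any vendor tooling) scans HTTP sensor logs for writes to the affected endpoint and flags those with no session cookie or from outside an admin allowlist. The log format (combined log format plus a trailing quoted Cookie field), the allowlist, the cookie value and the sample lines are all constructed assumptions.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote

ENDPOINT = "/goform/AdvSetWrlmacfilter"        # path named in the advisory
ADMIN_NETS = [ip_network("192.168.0.10/32")]   # assumption: the one admin workstation

# Assumed sensor format: combined log format plus a final quoted Cookie field.
LINE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" "(?P<cookie>[^"]*)"'
)

def normalise(target):
    """Drop the query string, percent-decode, collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)

def in_admin_nets(src):
    try:
        return any(ip_address(src) in net for net in ADMIN_NETS)
    except ValueError:          # hostname or garbage in the source field
        return False

def findings(lines):
    """Return (timestamp, source, status, reasons) for suspicious POSTs."""
    out = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or normalise(m["target"]) != ENDPOINT:
            continue
        reasons = []
        if m["cookie"] in ("", "-"):
            reasons.append("no session cookie")
        if not in_admin_nets(m["src"]):
            reasons.append("source outside admin allowlist")
        if reasons:
            out.append((m["ts"], m["src"], m["status"], ", ".join(reasons)))
    return out

# Constructed sample lines, not captured traffic.
SAMPLE = [
    '192.168.0.10 - - [12/Mar/2024:10:01:02 +0000] "POST /goform/AdvSetWrlmacfilter HTTP/1.1" 200 45 "-" "Mozilla/5.0" "session=constructed"',
    '203.0.113.7 - - [12/Mar/2024:10:05:40 +0000] "POST /goform/AdvSetWrlmacfilter HTTP/1.1" 200 45 "-" "-" "-"',
    '192.168.0.57 - - [12/Mar/2024:10:06:11 +0000] "POST /goform/AdvSetWrlmacfilter?t=1 HTTP/1.1" 200 45 "-" "-" "session=constructed"',
    '192.168.0.57 - - [12/Mar/2024:10:07:00 +0000] "GET /goform/AdvSetWrlmacfilter HTTP/1.1" 404 0 "-" "-" "-"',
]

if __name__ == "__main__":
    for hit in findings(SAMPLE):
        print(hit)
```

A 200 status on a flagged request is worth prioritising, since it suggests the device accepted the change.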