Primary

Context

Tenda FH1202 Web Management Interface Improper Access Control Vulnerability

Vulnerability

A critical vulnerability has been identified in the Tenda FH1202 router, specifically in version 1.2.0.14(408). The issue resides within the Web Management Interface, particularly in the file '/goform/AdvSetWrlsafeset'. This vulnerability allows for improper access controls, enabling unauthorized users to manipulate certain settings. The flaw can be exploited remotely without authentication.

Impact

Exploitation of this vulnerability allows for improper access control, where the device's safe settings can be altered by an unauthorized actor.

Reproduction

To reproduce this vulnerability, send an unauthenticated HTTP POST request to the '/goform/AdvSetWrlsafeset' endpoint. This request can be crafted to manipulate the safe settings of the Tenda FH1202 router.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda FH1202 Web Management Interface Improper Access Control Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Tenda FH1202

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating