Volerion logoVolerion
Volerion logoVolerion

Tenda FH1202 Improper Access Control Vulnerability

Vulnerability

A critical vulnerability has been identified in the Tenda FH1202 router, specifically in version 1.2.0.14(408). The issue arises from improper access controls in the default configuration file, '/default.cfg'. This vulnerability allows unauthorized users to access sensitive information, including the login password, which can be extracted from the decoded configuration file. The vulnerability can be exploited remotely without any authentication.

Impact

Exploitation of this vulnerability allows unauthorized access to the router's configuration file, potentially exposing sensitive information such as login credentials.

Reproduction

To reproduce this vulnerability, send a request to the '/default.cfg' endpoint on a Tenda FH1202 router running version 1.2.0.14(408). No authentication is required, and the response will include the configuration file, which contains sensitive information such as the login password.

Remediation

It is recommended to apply restrictive firewall rules to block unauthorized access to the vulnerable endpoint.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
2.5
exploitability
9.1
remediation
7.9
relevance
0.0
threat
6.5
urgency
2.9
incentive
9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.