Primary

Context

Tenda FH1202 Improper Access Control Vulnerability in Web Management Interface

Vulnerability

A critical improper access control vulnerability has been identified in the Tenda FH1202 router, specifically in version 1.2.0.14(408). The issue resides within the web management interface, particularly the '/goform/qossetting' file. This vulnerability allows unauthorized users to manipulate QoS settings by sending specially crafted HTTP POST requests. The vulnerability can be exploited remotely without any authentication.

Impact

Exploitation of this vulnerability allows for unauthorized modification of QoS settings on the affected device, potentially disrupting network performance and management.

Reproduction

To reproduce this vulnerability, send an unauthenticated HTTP POST request to the '/goform/qossetting' endpoint. Include a payload that specifies the desired QoS settings. The absence of proper access controls will allow the request to be processed, resulting in the unauthorized modification of QoS settings on the device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda FH1202 Improper Access Control Vulnerability in Web Management Interface

Vulnerability

Impact

Reproduction

Affected Products

Tenda FH1202

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating