Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow

July 13, 2025 invoker category_cve

CVE Details

Basic Information

Title Tenda FH1202 PPTPDClient fromPptpUserAdd stack-based overflow
Type cve
Published 2025-07-13T15:02:07.201Z
Modified 2025-07-13T15:02:07.201Z

Product Information

Vendor Tenda
Product FH1202
Version 1.2.0.14(408)

CVSS Information

Base Score 8.7 (HIGH)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

AI Analysis

AI Description A critical stack-based buffer overflow vulnerability in Tenda FH1202 version 1.2.0.14(408) allows remote attackers to exploit the fromPptpUserAdd function via the Username argument, potentially leading to system compromise.
AI Severity High
AI Vendor Tenda
AI Product FH1202
AI Version 1.2.0.14(408)

Affected Products

  • Tenda FH1202 1.2.0.14(408)

Additional Information

CWE List CWE-121, CWE-119
Source VulDB

Description

A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.