CVE Details
Basic Information
| Title | Tenda FH1202 PPTPUserSetting fromPptpUserSetting stack-based overflow |
|---|---|
| Type | cve |
| Published | 2025-07-13T15:32:06.988Z |
| Modified | 2025-07-13T15:32:06.988Z |
Product Information
| Vendor | Tenda |
|---|---|
| Product | FH1202 |
| Version | 1.2.0.14(408) |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A critical stack-based buffer overflow vulnerability in Tenda FH1202 router’s PPTPUserSetting function allows remote attackers to exploit the delno argument, potentially leading to system compromise. This issue is highly severe due to the router’s widespread use and the remote attack vector. |
|---|---|
| AI Severity | Critical |
| AI Vendor | Tenda |
| AI Product | FH1202 |
| AI Version | 1.2.0.14(408) |
Affected Products
- Tenda FH1202 1.2.0.14(408)
Additional Information
| CWE List | CWE-121, CWE-119 |
|---|---|
| Source | VulDB |
Description
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.