Tenda FH1202 fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow
CVE-2024-2981
Key Information:
Badges
Summary
A stack-based buffer overflow vulnerability exists in the Tenda FH1202 Wi-Fi router. This issue is present in the function form_fast_setting_wifi_set located in the /goform/fast_setting_wifi_set file. Attackers can exploit this vulnerability by manipulating the SSID argument, resulting in potential remote code execution due to insufficient input validation. The exploit has been made public, indicating a serious risk of malicious exploitation targeting affected users. Despite being disclosed to Tenda, there has been no response from the vendor regarding this vulnerability.
Affected Version(s)
FH1202 1.2.0.14(408)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published