Tenda FH1202 WriteFacMac formWriteFacMac command injection
CVE-2024-2982
Key Information:
Badges
Summary
A notable command injection vulnerability exists within the Tenda FH1202 router, specifically in the formWriteFacMac function found in the /goform/WriteFacMac file. This weakness can be exploited through improper handling of the MAC address parameter, allowing unauthorized command execution. The issue has been publicly disclosed, raising concerns for users regarding potential exploitation. As of now, the vendor has not responded to any communications regarding the vulnerability, which heightens the urgency for users to secure their devices.
Affected Version(s)
FH1202 1.2.0.14(408)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
25% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published