Improper Access Control in Tenda FH1202 Web Management Interface
CVE-2025-2991
Key Information:
Badges
Summary
A vulnerability exists in the Tenda FH1202's web management interface that allows remote attackers to exploit inadequate access controls. The issue arises from the 'AdvSetWrlmacfilter' function, potentially allowing unauthorized users to gain elevated privileges and manipulate configurations without the necessary authentication. This vulnerability poses significant risks to network security, highlighting the need for immediate patches and enhanced access control measures.
Affected Version(s)
FH1202 1.2.0.14(408)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved