Improper Access Controls in Tenda FH1202 Web Management Interface
CVE-2025-2992
Key Information:
Badges
Summary
The Tenda FH1202 device's Web Management Interface is susceptible to an improper access control vulnerability. Specifically, the flaw resides in the '/goform/AdvSetWrlsafeset' component, allowing unauthorized access that could be exploited remotely. This issue can lead to various security risks, including unauthorized configuration changes and exposure of sensitive information. Users are advised to apply security updates and review access permissions to mitigate potential threats.
Affected Version(s)
FH1202 1.2.0.14(408)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved