CVE-2025-3236

Published: Apr 4, 2025Modified: May 28, 2025

6.9

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Tenda: Fh1202 Firmware

1 product

Fh1202 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Fh1202 Firmware	Version 1.2.0.14(408)

Running on/with	Platform Versions
Tenda Fh1202	All versions

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (5)

https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-VirSerDMZ-1bc53a41781f809b9e6cdd60fe4e428c?pvs=4

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.303262

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.303262

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.546367

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.tenda.com.cn/

Source: cna@vuldb.com

Product

Timeline

No history available yet.