CVE-2025-5978

A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\(408\):*:*:*:*:*:*:*
cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*

History

20 Jun 2025, 14:47

Type Values Removed Values Added
First Time Tenda fh1202
Tenda fh1202 Firmware
Tenda
References () https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-fromVirtualSer-20b53a41781f80b7a6c7e727f93d7d9f?source=copy_link - () https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-fromVirtualSer-20b53a41781f80b7a6c7e727f93d7d9f?source=copy_link - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.311856 - () https://vuldb.com/?ctiid.311856 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.311856 - () https://vuldb.com/?id.311856 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.592462 - () https://vuldb.com/?submit.592462 - Third Party Advisory, VDB Entry
References () https://www.tenda.com.cn/ - () https://www.tenda.com.cn/ - Product
References () https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-fromVirtualSer-20b53a41781f80b7a6c7e727f93d7d9f - () https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-fromVirtualSer-20b53a41781f80b7a6c7e727f93d7d9f - Exploit, Third Party Advisory
CPE cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:fh1202_firmware:1.2.0.14\(408\):*:*:*:*:*:*:*
CWE CWE-787

11 Jun 2025, 14:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en Tenda FH1202 1.2.0.14. Se ha clasificado como crítica. La función fromVirtualSer del archivo /goform/VirtualSer está afectada. La manipulación de la página de argumentos provoca un desbordamiento del búfer basado en la pila. Es posible ejecutar el ataque de forma remota. Se ha hecho público el exploit y puede que sea utilizado.
References
  • () https://lavender-bicycle-a5a.notion.site/Tenda-FH1202-fromVirtualSer-20b53a41781f80b7a6c7e727f93d7d9f -

10 Jun 2025, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-10 21:15

Updated : 2025-06-20 14:47


NVD link : CVE-2025-5978

Mitre link : CVE-2025-5978

CVE.ORG link : CVE-2025-5978


JSON object : View

Products Affected

tenda

  • fh1202
  • fh1202_firmware
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write