CVE-2023-37722 in F1202
Summary
by MITRE • 07/14/2023
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 01/18/2026
The vulnerability identified as CVE-2023-37722 affects Tenda wireless routers including models F1202 and FH1202 with specific firmware versions. This issue resides within the web interface handling mechanism where the page parameter in the fromSafeUrlFilter function exhibits stack overflow characteristics. The affected devices operate with firmware versions V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, representing a significant security risk for network administrators and end users who rely on these networking devices. The stack overflow vulnerability occurs during the processing of web requests through the device's administrative interface, creating a potential entry point for malicious actors to exploit the device's network stack.
This vulnerability represents a classic stack buffer overflow scenario classified under CWE-121 as stack-based buffer overflow, where insufficient bounds checking allows an attacker to overwrite adjacent memory locations on the stack. The fromSafeUrlFilter function fails to properly validate the length of the page parameter input, enabling an attacker to craft malicious requests that exceed the allocated stack buffer space. The flaw manifests when the device processes HTTP requests containing specially crafted page parameter values that trigger the overflow condition during string handling operations. This type of vulnerability falls under the ATT&CK technique T1210 - Exploitation of Remote Services, specifically targeting the device's web server component.
The operational impact of this vulnerability extends beyond simple denial of service scenarios as it provides potential for remote code execution and complete device compromise. An attacker could leverage this vulnerability to gain unauthorized access to the router's administrative interface, potentially leading to full network control, data exfiltration, or the ability to modify network configurations. The affected devices operate in residential and small office environments where they often serve as the primary gateway to internet connectivity, making them attractive targets for cybercriminals seeking persistent access to networks. The vulnerability is particularly concerning because it does not require authentication for exploitation, as the web interface is accessible to unauthenticated users.
Mitigation strategies should prioritize immediate firmware updates from Tenda's official support channels, as these releases typically contain patched versions of the vulnerable function. Network administrators should implement additional security measures including disabling unnecessary web interface access, implementing firewall rules to restrict access to the router's administrative ports, and monitoring for suspicious traffic patterns. The vulnerability demonstrates the importance of input validation in web applications and highlights the need for proper bounds checking in all string handling operations. Organizations should consider network segmentation to limit the potential impact of a successful exploitation and implement continuous monitoring solutions to detect anomalous behavior in their network infrastructure. Security professionals should also conduct vulnerability assessments to identify other potentially affected devices within their network infrastructure and ensure proper patch management procedures are in place to prevent similar issues in the future.