CVE-2025-2992 in FH1202info

Summary

by MITRE • 03/31/2025

A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 03/31/2025

This critical vulnerability in Tenda FH1202 router firmware version 1.2.0.14(408) represents a significant security flaw within the web management interface component. The vulnerability resides in the /goform/AdvSetWrlsafeset file which handles advanced wireless settings configuration. This particular endpoint lacks proper authentication and authorization checks, creating a dangerous access control weakness that allows unauthorized users to manipulate wireless security settings. The flaw falls under CWE-285, which specifically addresses improper authorization issues in software systems, making it a direct violation of fundamental security principles that should be enforced at all levels of network infrastructure management.

The remote exploitability of this vulnerability presents a severe risk to network security as attackers can leverage this weakness from outside the local network without requiring physical access or prior authentication. This capability aligns with ATT&CK technique T1190 which describes exploiting vulnerabilities in remote services, and represents a classic privilege escalation vector where unauthenticated users can gain administrative control over wireless network configurations. The disclosure of the exploit to the public community means that malicious actors can readily implement this attack without requiring advanced technical skills or specialized knowledge, dramatically increasing the potential attack surface and impact.

The operational impact of this vulnerability extends beyond simple unauthorized access to encompass complete wireless network compromise. An attacker could modify wireless security settings including SSID configurations, encryption parameters, and access control lists, potentially leading to full network infiltration and data exfiltration. This flaw particularly affects enterprise and home network administrators who rely on proper access controls to protect their wireless infrastructure, as it undermines the fundamental security model of the device. The vulnerability's presence in the web management interface means that all users with access to the router's web portal could be exploited, creating a wide attack surface that could affect multiple network segments.

Organizations should immediately implement network segmentation strategies to isolate affected routers from critical systems and apply firmware updates as soon as they become available from Tenda. Network monitoring should be enhanced to detect unusual wireless configuration changes, and access controls should be reviewed to ensure that only authorized personnel can access management interfaces. The vulnerability demonstrates the importance of implementing defense-in-depth strategies where multiple layers of security controls are maintained to prevent single points of failure, as outlined in NIST SP 800-53 security controls. Administrators should also consider implementing network access control lists and firewall rules to restrict access to management interfaces from untrusted networks, while maintaining regular vulnerability assessments to identify similar flaws in other network infrastructure components.

Responsible

VulDB

Disclosure

03/31/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00603

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!