CVE-2025-2993 in FH1202
Summary
by MITRE • 03/31/2025
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 06/26/2026
This critical vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) represents a significant security flaw that undermines the device's access control mechanisms through manipulation of the /default.cfg file. The vulnerability stems from insufficient input validation and improper access control implementation within the firmware's configuration handling functionality, creating an attack surface that allows remote exploitation without authentication requirements. The flaw specifically targets the argument processing within the default configuration file, enabling attackers to manipulate system parameters that should remain protected from unauthorized modification.
The technical nature of this vulnerability aligns with CWE-285, which addresses improper access control issues in software systems, and demonstrates how weak input validation can lead to privilege escalation and unauthorized system manipulation. Attackers can leverage this flaw remotely through network-based exploitation, making it particularly dangerous as it does not require physical access or local network presence to compromise the device. The disclosure of exploit code to the public community significantly increases the risk exposure, as malicious actors can readily implement the attack without requiring advanced technical skills or extensive research.
The operational impact of this vulnerability extends beyond simple unauthorized access, potentially allowing attackers to modify critical network configurations, disable security features, or establish persistent backdoors within the device. The remote exploit capability means that any device with this firmware version accessible from the internet becomes immediately vulnerable to compromise. This creates cascading security risks for networks where multiple Tenda FH1202 devices may be deployed, as a single compromised device could serve as an entry point for broader network infiltration attempts.
Organizations and individuals should immediately implement mitigation strategies including firmware updates from Tenda if available, network segmentation to isolate affected devices, and firewall rules that restrict access to the device's management interfaces. The vulnerability also highlights the importance of secure configuration management practices and regular security assessments of network equipment. From an ATT&CK framework perspective, this vulnerability maps to techniques involving privilege escalation and persistence mechanisms, while also demonstrating how initial access through unpatched firmware can lead to broader network compromise. Network administrators should prioritize patching this vulnerability as a matter of high urgency given its critical classification and the public availability of exploitation methods.