CVE-2025-2994 in FH1202info

Summary

by MITRE • 03/31/2025

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 06/28/2026

This critical vulnerability in Tenda FH1202 router firmware version 1.2.0.14(408) represents a significant security flaw within the web management interface component. The vulnerability resides in the /goform/qossetting file, which is part of the device's web administration system that allows users to configure quality of service settings for network traffic. The improper access controls present in this component create a path for unauthorized users to bypass authentication mechanisms and gain administrative privileges on the affected device.

The technical nature of this flaw falls under CWE-285 Improper Access Controls, which is categorized within the OWASP Top Ten as a critical security weakness. This vulnerability allows remote exploitation without requiring any local access or authentication credentials from the attacker's perspective. The attack vector can be initiated entirely through network-based means, making it particularly dangerous as it can be exploited by anyone with access to the network where the device resides.

The operational impact of this vulnerability is severe and multifaceted. Once successfully exploited, an attacker gains full administrative control over the router, enabling them to modify network configurations, implement man-in-the-middle attacks, redirect traffic through malicious servers, or establish persistent backdoors. The compromised device can then be used as a pivot point for lateral movement within the local network, potentially providing access to connected computers, IoT devices, and other network resources. This vulnerability directly maps to ATT&CK technique T1021.001 Remote Services: Remote Desktop Protocol, where unauthorized access to network infrastructure enables broader compromise of the enterprise environment.

The fact that this exploit has been publicly disclosed significantly increases the risk profile of affected installations. Publicly available exploitation tools allow even non-technical attackers to leverage this vulnerability effectively. Organizations should immediately assess their network inventory to identify all affected Tenda FH1202 devices and implement immediate mitigation measures. The recommended approach includes applying the latest firmware updates from Tenda if available, implementing network segmentation to isolate these devices, and monitoring network traffic for signs of exploitation attempts. Additionally, network administrators should consider disabling unnecessary web management interfaces and implementing strict firewall rules that restrict access to administrative ports only to trusted networks.

From a security posture perspective, this vulnerability demonstrates the critical importance of proper input validation and access control implementation in web-based administrative interfaces. The flaw represents a fundamental breakdown in the principle of least privilege, where administrative functions are accessible without proper authentication mechanisms. Organizations should conduct comprehensive vulnerability assessments of all network equipment and implement continuous monitoring to detect similar flaws in other network infrastructure components. The vulnerability also highlights the need for regular firmware updates and security patches as a critical component of risk management strategies, particularly for network devices that are often overlooked in traditional security assessments.

The broader implications extend beyond immediate exploitation potential to encompass long-term security implications for organizations relying on legacy network equipment. This vulnerability type represents one of the most common attack vectors in network infrastructure devices, making it a prime target for both automated scanning tools and targeted attacks. Security teams should implement comprehensive device inventory management to track all network equipment, particularly those from vendors with known security issues or limited support cycles. The public disclosure of this exploit also underscores the importance of vulnerability coordination and responsible disclosure practices in preventing widespread exploitation of critical flaws before proper patches are available.

Responsible

VulDB

Disclosure

03/31/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00597

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!