CVE-2025-2995 in FH1202info

Summary

by MITRE • 03/31/2025

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 04/08/2025

The vulnerability identified as CVE-2025-2995 represents a critical security flaw in the Tenda FH1202 router firmware version 1.2.0.14(408) affecting its web management interface. This issue resides within the /goform/SysToolChangePwd endpoint which handles system tool password changes, making it a prime target for unauthorized access attempts. The vulnerability stems from inadequate access control mechanisms that fail to properly validate user permissions before processing password modification requests. Security researchers have classified this as a critical risk due to the combination of remote exploitability and the potential for privilege escalation through improper authentication checks.

The technical implementation of this flaw demonstrates a classic improper access control vulnerability, which aligns with CWE-285, specifically addressing insufficient authorization in web applications. The vulnerability allows remote attackers to manipulate the password change functionality without proper authentication, effectively bypassing the intended security controls designed to protect system administration interfaces. The attack vector is particularly concerning as it requires no physical access to the device and can be executed entirely through network communication, making it highly accessible to malicious actors. This weakness directly enables unauthorized users to gain administrative privileges over the router, potentially leading to complete network compromise.

The operational impact of this vulnerability extends far beyond simple unauthorized access, as it provides attackers with full administrative control over the affected router. Once exploited, an attacker could modify network configurations, redirect traffic, implement man-in-the-middle attacks, or establish persistent backdoors within the network infrastructure. The disclosure of public exploit availability significantly increases the risk exposure, as malicious actors can immediately leverage this vulnerability without requiring advanced technical skills or custom development. Network administrators face the potential for widespread compromise across all devices connected to networks protected by vulnerable Tenda FH1202 routers, particularly in enterprise environments where such devices may be deployed without proper security monitoring.

Mitigation strategies should prioritize immediate firmware updates from Tenda to address the identified access control weakness, while network administrators should implement additional security measures including network segmentation, firewall rules restricting access to management interfaces, and regular monitoring for unauthorized access attempts. The implementation of multi-factor authentication for router management interfaces and network access control lists can provide additional layers of protection. Security teams should also consider conducting comprehensive vulnerability assessments of all network devices to identify similar access control weaknesses and ensure proper network hygiene practices are maintained. Organizations should follow ATT&CK framework guidance for network infrastructure protection, particularly focusing on privilege escalation and defense evasion techniques that could be employed through this vulnerability.

Responsible

VulDB

Disclosure

03/31/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00760

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!