| Title | Tenda FH1201 V1.0BR_V1.2.0.14 Buffer Overflow |
|---|
| Description | The Tenda FH1201 V1.0BR_V1.2.0.14 firmware has a buffer overflow vulnerability in the formWrlsafeset function. The Var variable receives the mit_ssid parameter from a POST request. However, since the user can control the input of mit_ssid, the sprintf can cause a buffer overflow vulnerability. |
|---|
| Source | ⚠️ https://candle-throne-f75.notion.site/Tenda-FH1201-formWrlsafeset-228df0aa118580a3b0dcd29972efbf0e |
|---|
| User | Yangshuangning (UID 72999) |
|---|
| Submission | 07/06/2025 20:14 (11 months ago) |
|---|
| Moderation | 07/11/2025 13:32 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 316114 [Tenda FH1201 1.2.0.14 HTTP POST Request /goform/AdvSetWrlsafeset formWrlsafeset mit_ssid buffer overflow] |
|---|
| Points | 15 |
|---|