Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be leveraged to achieve remote code execution.
History

Tue, 02 Sep 2025 17:00:00 +0000

Type Values Removed Values Added
Description Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be leveraged to achieve remote code execution.
References

Tue, 02 Sep 2025 16:45:00 +0000


Tue, 03 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:tenda:fh1206_firmware:*:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 16 Aug 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda fh1206
Tenda fh1206 Firmware
Weaknesses CWE-787
CPEs cpe:2.3:h:tenda:fh1206:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:fh1206_firmware:v02.03.1.35:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda fh1206
Tenda fh1206 Firmware
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Thu, 15 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
Description Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-09-02T16:50:24.750Z

Reserved: 2024-08-05T00:00:00.000Z

Link: CVE-2024-42987

cve-icon Vulnrichment

Updated: 2024-09-03T17:28:55.016Z

cve-icon NVD

Status : Modified

Published: 2024-08-15T17:15:21.820

Modified: 2025-09-02T17:15:34.390

Link: CVE-2024-42987

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.