Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be leveraged to achieve remote code execution.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be leveraged to achieve remote code execution. |
References |
|
Tue, 02 Sep 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 03 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:o:tenda:fh1206_firmware:*:*:*:*:*:*:*:* | |
Metrics |
ssvc
|
Fri, 16 Aug 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tenda
Tenda fh1206 Tenda fh1206 Firmware |
|
Weaknesses | CWE-787 | |
CPEs | cpe:2.3:h:tenda:fh1206:-:*:*:*:*:*:*:* cpe:2.3:o:tenda:fh1206_firmware:v02.03.1.35:*:*:*:*:*:*:* |
|
Vendors & Products |
Tenda
Tenda fh1206 Tenda fh1206 Firmware |
|
Metrics |
cvssV3_1
|
Thu, 15 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-02T16:50:24.750Z
Reserved: 2024-08-05T00:00:00.000Z
Link: CVE-2024-42987

Updated: 2024-09-03T17:28:55.016Z

Status : Modified
Published: 2024-08-15T17:15:21.820
Modified: 2025-09-02T17:15:34.390
Link: CVE-2024-42987

No data.

No data.