Description
A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.
Published: 2026-05-25
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow exists in the fromPptpUserAdd function of the Tenda F1202 router firmware. The vulnerability is triggered by manipulating the opttype argument sent to the /goform/PptpUserAdd endpoint. Attackers can remotely trigger the overflow, potentially allowing arbitrary code execution and resulting in compromise of the device’s confidentiality, integrity, and availability. The flaw is characterized by CWE-119 and CWE-121 weaknesses in input validation and stack handling.

Affected Systems

Only the Tenda F1202 router running firmware 1.2.0.20(408) is known to be affected. No other Tenda products or firmware versions are listed as vulnerable in the current data.

Risk and Exploitability

The CVSS score of 8.7 classifies this flaw as high-severity. Although no EPSS score is available, an exploit is publicly available, which makes the threat realistic. The CVE is not currently listed in the CISA KEV catalog. The flaw can be exercised remotely without local access to the device; the CVSS vectors in this record rate it AV:N/AC:L/PR:L, meaning network-reachable, low attack complexity, low privileges required. Routine penetration testing should therefore include the PptpUserAdd endpoint to validate any mitigations.

Generated by OpenCVE AI on May 25, 2026 at 07:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor-supplied firmware patch or upgrade to the latest stable firmware released by Tenda for the F1202 device.
  • If a patch is not available, disable or restrict remote PPTP access, block the UDP/TCP ports used for PPTP, and isolate the router on a separate VLAN or behind stricter firewall rules.
  • Continuously monitor system logs for repeated attempts to interact with the /goform/PptpUserAdd endpoint and set up alerts for anomalous remote access patterns.


Advisories

No advisories yet.

History

Mon, 25 May 2026 07:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tenda f1202
Vendors & Products | | Tenda f1202

Mon, 25 May 2026 06:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.
Title | | Tenda F1202 PptpUserAdd fromPptpUserAdd stack-based overflow
First Time appeared | | Tenda; Tenda f1202 Firmware
Weaknesses | | CWE-119; CWE-121
CPEs | | cpe:2.3:o:tenda:f1202_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Tenda; Tenda f1202 Firmware
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-25T05:45:10.169Z

Reserved: 2026-05-24T07:03:29.836Z

Link: CVE-2026-9431

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T07:30:19Z

Weaknesses