CVE-2026-9431
HighSummary
A vulnerability was identified in Tenda F1202 version 1.2.0.20(408), affecting the function fromPptpUserAdd in the file /goform/PptpUserAdd. Manipulation of the argument opttype leads to stack-based buffer overflow.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a risk of gaining control over the device. The publicly available exploit increases the likelihood of an attack.
Recommendation
It is recommended to update the device firmware to the latest version to mitigate this vulnerability. Additionally, monitor network traffic for potential attack attempts.
Original NVD description (English source)
A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.

