CVE Catalog

CVE-2026-9431

High
Published: Translated: NVD NIST

Summary

A vulnerability was identified in Tenda F1202 version 1.2.0.20(408), affecting the function fromPptpUserAdd in the file /goform/PptpUserAdd. Manipulation of the argument opttype leads to stack-based buffer overflow.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a risk of gaining control over the device. The publicly available exploit increases the likelihood of an attack.

Recommendation

It is recommended to update the device firmware to the latest version to mitigate this vulnerability. Additionally, monitor network traffic for potential attack attempts.

Original NVD description (English source)

A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS