Tenda Fh1206_firmware
39 CVEs affecting Tenda Fh1206_firmware. Latest disclosed: 2025-12-21. Critical: 5, High: 30.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-42978 | Critical | 9.8 | 2024-08-15 | An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. |
CVE-2024-35339 | Critical | 9.8 | 2024-05-24 | Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. |
CVE-2024-34945 | Critical | 9.8 | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle. |
CVE-2024-34943 | Critical | 9.8 | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. |
CVE-2024-33215 | Critical | 9.8 | 2024-04-23 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat. |
CVE-2025-14994 | High | 8.8 | 2025-12-21 | A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the compon… |
CVE-2024-44390 | High | 8.8 | 2024-08-23 | Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset. |
CVE-2024-7707 | High | 8.8 | 2024-08-13 | A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /gofor… |
CVE-2024-7615 | High | 8.8 | 2024-08-12 | A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSa… |
CVE-2024-7614 | High | 8.8 | 2024-08-12 | A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qosset… |
CVE-2024-7613 | High | 8.8 | 2024-08-12 | A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDh… |
CVE-2024-34944 | High | 8.8 | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. |
CVE-2024-34942 | High | 8.8 | 2024-05-14 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand. |
CVE-2024-33212 | High | 8.8 | 2024-04-23 | Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm. |
CVE-2024-4020 | High | 8.8 | 2024-04-20 | A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressN… |
CVE-2024-35340 | High | 8.6 | 2024-05-24 | Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand. |
CVE-2024-42987 | High | 7.5 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be trigg… |
CVE-2024-42986 | High | 7.5 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows a… |
CVE-2024-42985 | High | 7.5 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers t… |
CVE-2024-42984 | High | 7.5 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attack… |