High severity8.0NVD Advisory· Published May 21, 2017· Updated May 13, 2026

CVE-2017-9138

Description

There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.

Affected products

Tenda/F1200 Firmware
cpe:2.3:o:tendacn:f1200_firmware:*:*:*:*:*:*:*:*
Range: <=1.2.0.19
Tenda/F1202 Firmware
cpe:2.3:o:tendacn:f1202_firmware:*:*:*:*:*:*:*:*
Range: <=1.2.0.19
Tenda/Fh1202 Firmware
cpe:2.3:o:tendacn:fh1202_firmware:*:*:*:*:*:*:*:*
Range: <=1.2.0.19

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.tendacn.com/en/2017.htmlnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.520
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000