Tenda F1202 WrlExtraSet formWrlExtraSet stack-based overflow
Description
A vulnerability was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Manipulation of the argument delno leads to a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in Tenda F1202 formWrlExtraSet function allows remote denial of service or code execution via a crafted GO parameter.
Vulnerability
A stack-based buffer overflow vulnerability exists in the formWrlExtraSet function of Tenda F1202 firmware version 1.2.0.20(408). The flaw resides in the /goform/WrlExtraSet file and is triggered by manipulating the delno argument (internally passed as the GO parameter). The user-supplied GO value is passed to sprintf without length validation, leading to buffer overflow [1]. The affected product is Tenda F1202 version V1.2.0.20(408) [1].
Exploitation
An attacker can exploit this vulnerability remotely by sending a crafted HTTP POST request to /goform/WrlExtraSet with an overly long GO parameter. The reference provides a proof-of-concept (PoC) that sends a 557-character GO value, demonstrating the overflow [1]. No authentication is required; the attack can be initiated from the network [1].
Impact
Successful exploitation overflows a stack-based buffer, which can cause a denial of service (DoS) or potentially allow remote code execution (RCE) [1]. The attacker may achieve arbitrary code execution with the privileges of the httpd process, gaining full control of the device [1].
Mitigation
As of the publication date, Tenda has not released a patched firmware for the F1202. Users are advised to check the vendor website [2] for any future updates. Until a fix is available, network segmentation and restricting access to the device's web interface from untrusted networks can reduce exposure. The vulnerability is publicly known and could be exploited [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing length check on the user-supplied GO parameter before passing it to sprintf, leading to stack-based buffer overflow."
Attack vector
An attacker sends a crafted POST request to `/goform/WrlExtraSet` with an overly long `GO` parameter. The httpd daemon copies this attacker-controlled string into a fixed stack buffer via `sprintf` without bounds checking, causing a stack-based buffer overflow. The attack is remotely exploitable over the network with no authentication required [ref_id=1].
Affected code
The vulnerability resides in the `formWrlExtraSet` function within the `/goform/WrlExtraSet` handler of the httpd binary. The function reads the user-supplied `GO` parameter and passes it to the `sub_39978` function without any length check, which then passes it to `sprintf`, overflowing a stack-based buffer `s_` [ref_id=1].
What the fix does
No patch is provided in the available references. The advisory recommends that the vendor should add length validation on the `GO` parameter before passing it to `sprintf` or replace the unsafe `sprintf` with a bounded function such as `snprintf` to prevent stack buffer overflow [ref_id=1].
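The length validation and bounded formatting the advisory recommends, shown as an added example rather than code from Tenda's firmware or the referenced advisory; GO_MAX, format_go_unsafe, format_go_checked and check_go_of_length are assumed names, and the 64-byte buffer size is an assumption since the advisory names the stack buffer s_ but not its size.

```c
/* Added example, not Tenda firmware code. GO_MAX and the function names are
 * illustrative; the advisory gives the buffer name s_ but not its size. */
#include <stdio.h>
#include <string.h>

#define GO_MAX 64 /* assumed size of the fixed stack buffer the handler formats into */

/* Vulnerable shape the advisory describes: GO is formatted into a fixed stack
 * buffer with sprintf and no length check. For contrast only; never call it with
 * a value of GO_MAX or more characters, which corrupts the stack. */
void format_go_unsafe(const char *go)
{
    char s_[GO_MAX];
    sprintf(s_, "%s", go); /* unbounded copy into s_ */
}

/* Hardened version: validate the length first, then use a bounded formatter as a
 * second line of defence. Returns 0 on success, -1 when the value is rejected. */
int format_go_checked(const char *go, char *out, size_t out_len)
{
    if (go == NULL || out == NULL || out_len == 0)
        return -1;
    if (memchr(go, '\0', out_len) == NULL) /* no terminator within out_len: too long */
        return -1;
    /* snprintf cannot write past out_len; it returns the length it wanted to write */
    int n = snprintf(out, out_len, "%s", go);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    return 0;
}

/* Demo helper: a constructed GO value of `len` 'A' characters fed into a
 * GO_MAX-byte buffer; returns the hardened handler's verdict. */
int check_go_of_length(size_t len)
{
    char value[1024];
    char s_[GO_MAX];
    if (len >= sizeof value)
        return -1;
    memset(value, 'A', len);
    value[len] = '\0';
    return format_go_checked(value, s_, sizeof s_);
}

int main(void)
{
    printf("63 chars : %d\n", check_go_of_length(63));  /* 0: largest value that fits */
    printf("557 chars: %d\n", check_go_of_length(557)); /* -1: PoC-length value rejected */
    return 0;
}
```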
Preconditions
- Network: The attacker must be able to reach the router's web management interface over the network.
- Auth: No authentication is required; the vulnerable endpoint /goform/WrlExtraSet is accessible without prior login.
Reproduction
Send a POST request to `http://
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (5)
- github.com/Litengzheng/vuldb_new2/blob/main/F1202/vul_31/README.md (mitre, exploit)
- vuldb.com/submit/813912 (mitre, third-party-advisory)
- vuldb.com/vuln/365410 (mitre, vdb-entry, technical-description)
- vuldb.com/vuln/365410/cti (mitre, signature, permissions-required)
- www.tenda.com.cn (mitre, broken-link, product)