CVE-2025-2996

Name of the Vulnerable Software and Affected Versions Tenda FH1202 version 1.2.0.14(408)

Description A critical issue affects the Web Management Interface component, specifically the unknown processing of the file /goform/SysToolDDNS. This leads to improper access controls, allowing for remote attacks. The exploit has been publicly disclosed.

Recommendations For Tenda FH1202 version 1.2.0.14(408), consider restricting access to the /goform/SysToolDDNS endpoint until a patch is available. As a temporary workaround, limit the use of the Web Management Interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.