ID

VAR-202503-2771


CVE

CVE-2025-2995


TITLE

Vulnerabilities in FH1202 firmware from Shenzhen Tenda Technology Co., Ltd.

Trust: 0.8

sources: JVNDB: JVNDB-2025-003296

DESCRIPTION

A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. It affects unknown code in the file /goform/SysToolChangePwd of the Web Management Interface component. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The FH1202 firmware from Shenzhen Tenda Technology Co., Ltd. contains unspecified vulnerabilities. Information may be tampered with.

Trust: 1.62

sources: NVD: CVE-2025-2995 // JVNDB: JVNDB-2025-003296

AFFECTED PRODUCTS

vendor:tenda model:fh1202 scope:eq version:1.2.0.14\(408\)

Trust: 1.0

vendor:tenda model:fh1202 scope:eq version:fh1202 firmware 1.2.0.14(408)

Trust: 0.8

vendor:tenda model:fh1202 scope:eq version: -

Trust: 0.8

vendor:tenda model:fh1202 scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-003296 // NVD: CVE-2025-2995

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-2995
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-003296
value: MEDIUM

Trust: 0.8

CVSSV2

cna@vuldb.com: CVE-2025-2995
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-003296
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

cna@vuldb.com: CVE-2025-2995
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-003296
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-003296 // NVD: CVE-2025-2995

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-266

Trust: 1.0

problemtype:Improper permission settings (CWE-266) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-003296 // NVD: CVE-2025-2995

EXTERNAL IDS

db:NVD id:CVE-2025-2995

Trust: 2.6

db:VULDB id:302044

Trust: 1.8

db:JVNDB id:JVNDB-2025-003296

Trust: 0.8

sources: JVNDB: JVNDB-2025-003296 // NVD: CVE-2025-2995

REFERENCES

url:https://lavender-bicycle-a5a.notion.site/tenda-fh1202-systoolchangepwd-1bc53a41781f809b95a4efb617090d3c?pvs=4

Trust: 1.8

url:https://vuldb.com/?id.302044

Trust: 1.8

url:https://vuldb.com/?submit.523418

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://lavender-bicycle-a5a.notion.site/tenda-fh1202-systoolchangepwd-1bc53a41781f809b95a4efb617090d3c

Trust: 1.8

url:https://vuldb.com/?ctiid.302044

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-2995

Trust: 0.8

sources: JVNDB: JVNDB-2025-003296 // NVD: CVE-2025-2995

SOURCES

db:JVNDB id:JVNDB-2025-003296
db:NVD id:CVE-2025-2995

LAST UPDATE DATE

2025-04-13T23:35:59.943000+00:00


SOURCES UPDATE DATE

db:JVNDB id:JVNDB-2025-003296 date:2025-04-11T08:58:00
db:NVD id:CVE-2025-2995 date:2025-04-08T13:05:30.387

SOURCES RELEASE DATE

db:JVNDB id:JVNDB-2025-003296 date:2025-04-11T00:00:00
db:NVD id:CVE-2025-2995 date:2025-03-31T13:15:45.310