CVE-2023-38938

CRITICAL

Tenda F1202 PA202 PW201A FH1202 - Stack Overflow via L7Im Page Parameter

Title source: llm

Description

Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/frmL7ImForm

Scores

CVSS v3 9.8

EPSS 0.0015

EPSS Percentile 35.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-787

Status published

Products (4)

tenda/f1202_firmware 1.2.0.9

tenda/fh1202_firmware 1.2.0.9

tenda/pa202_firmware 1.1.2.5

tenda/pw201a_firmware 1.1.2.5

Published Aug 07, 2023

Tracked Since Feb 18, 2026