Tenda: >> X210 Firmware >> 2.12.20 Security Vulnerabilities
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-12-05
A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-05
A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.
CVSS Score
9.6
EPSS Score
0.001
Published
2025-12-05
File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-12-05
Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.
CVSS Score
8.3
EPSS Score
0.001
Published
2025-12-05
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-12-03