Tenda FH1202 1.2.0.14(408) /goform/setcfm formSetCfm funcpara1 buffer overflow

È stata rilevata una vulnerabilità di livello critico in Tenda FH1202 1.2.0.14(408). É interessato la funzione formSetCfm del file /goform/setcfm. Per causa della manipolazione del parametro funcpara1 di un input sconosciuto se causa una vulnerabilità di classe buffer overflow. L'advisory è scaricabile da github.com. Questa vulnerabilità è identificata come CVE-2024-2984. L'attacco può essere lanciato da remoto. I dettagli tecnici sono conosciuti. È stato dichiarato come proof-of-concept. L'exploit è scaricabile da github.com. Una possibile soluzione è stata pubblicata già prima e non dopo la pubblicazione della vulnerabilità.

Campo27/03/2024 08:1005/05/2024 17:0205/05/2024 17:09
vendorTendaTendaTenda
nameFH1202FH1202FH1202
version1.2.0.14(408)1.2.0.14(408)1.2.0.14(408)
file/goform/setcfm/goform/setcfm/goform/setcfm
functionformSetCfmformSetCfmformSetCfm
argumentfuncpara1funcpara1funcpara1
cwe121 (buffer overflow)121 (buffer overflow)121 (buffer overflow)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
urlhttps://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetCfm.mdhttps://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetCfm.mdhttps://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetCfm.md
availability111
publicity111
urlhttps://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetCfm.mdhttps://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetCfm.mdhttps://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formSetCfm.md
cveCVE-2024-2984CVE-2024-2984CVE-2024-2984
responsibleVulDBVulDBVulDB
response_summaryThe vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.
date1711494000 (27/03/2024)1711494000 (27/03/2024)1711494000 (27/03/2024)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss4_vuldb_avNNN
cvss4_vuldb_acLLL
cvss4_vuldb_uiNNN
cvss4_vuldb_vcHHH
cvss4_vuldb_viHHH
cvss4_vuldb_vaHHH
cvss4_vuldb_ePPP
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_prLLL
cvss4_vuldb_scNNN
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss2_vuldb_basescore9.09.09.0
cvss2_vuldb_tempscore7.77.77.7
cvss3_vuldb_basescore8.88.88.8
cvss3_vuldb_tempscore8.08.08.0
cvss3_meta_basescore8.88.88.8
cvss3_meta_tempscore8.08.08.4
cvss4_vuldb_bscore8.78.78.7
cvss4_vuldb_btscore7.47.47.4
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1711494000 (27/03/2024)1711494000 (27/03/2024)
cve_nvd_summaryA vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auS
cvss2_nvd_ciC
cvss2_nvd_iiC
cvss2_nvd_aiC
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cH
cvss3_cna_iH
cvss3_cna_aH
cve_cnaVulDB
cvss2_nvd_basescore9.0
cvss3_cna_basescore8.8

PrecedenteVisione D'insiemeIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!