Tenda FH1202 1.2.0.14(408) /goform/WriteFacMac formWriteFacMac mac 权限升级

条目历史jsonxmlCTI

在Tenda FH1202 1.2.0.14(408) 中已发现分类为致命的漏洞。受此漏洞影响的是功能formWriteFacMac文件：/goform/WriteFacMac。手动调试的软件参数:mac不合法输入可导致权限升级。漏洞的CWE定义是 CWE-77。此漏洞的脆弱性 2024-03-27所发布。阅读公告的网址是github.com。该漏洞被称作为CVE-2024-2982，攻击只能在局域网内完成。有技术细节可用。此外还有一个漏洞可利用。该漏洞利用已公开，可能会被利用。当前漏洞利用的价值为美元大约是$0-$5k 。根据MITRE ATT&CK，此问题部署的攻击技术是T1202。它被宣布为proof-of-concept。可以在github.com下载该漏洞利用。我们估计的零日攻击价值约为$0-$5k。该漏洞被披露后，此前未曾发表过可能的缓解措施。

字段	2024-03-27 08時10分	2024-05-05 16時30分	2024-05-05 16時38分
vendor	Tenda	Tenda	Tenda
name	FH1202	FH1202	FH1202
version	1.2.0.14(408)	1.2.0.14(408)	1.2.0.14(408)
file	/goform/WriteFacMac	/goform/WriteFacMac	/goform/WriteFacMac
function	formWriteFacMac	formWriteFacMac	formWriteFacMac
argument	mac	mac	mac
cwe	77 (权限升级)	77 (权限升级)	77 (权限升级)
risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWriteFacMac.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWriteFacMac.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWriteFacMac.md
availability	1	1	1
publicity	1	1	1
url	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWriteFacMac.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWriteFacMac.md	https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1202/formWriteFacMac.md
cve	CVE-2024-2982	CVE-2024-2982	CVE-2024-2982
responsible	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
date	1711494000 (2024-03-27)	1711494000 (2024-03-27)	1711494000 (2024-03-27)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_av	A	A	A
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.4	4.4	4.4
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.0	5.0	5.0
cvss3_meta_basescore	5.5	5.5	5.5
cvss3_meta_tempscore	5.0	5.0	5.2
cvss4_vuldb_bscore	5.1	5.1	5.1
cvss4_vuldb_btscore	2.0	2.0	2.0
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1711494000 (2024-03-27)	1711494000 (2024-03-27)
cve_nvd_summary		A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_cna_basescore			5.5

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!