Vulnerabilities > CVE-2024-10750 - NULL Pointer Dereference vulnerability in Tenda I22 Firmware 1.0.0.3(4687)

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tenda

CWE-476

NVD

Published: 2024-11-04

Updated: 2024-11-07

Summary

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vulnerable Configurations

Part	Description	Count
OS	Tenda Tenda I22 Firmware 1.0.0.3\(4687\)	1
Hardware	Tenda Tenda I22 -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://vuldb.com/?id.282919
https://vuldb.com/?ctiid.282919
https://vuldb.com/?submit.435407
https://github.com/xiaobor123/tenda-vul-i22
https://www.tenda.com.cn/