Vulnerabilities > CVE-2024-11650 - NULL Pointer Dereference vulnerability in Tenda I9 Firmware 1.0.0.8(3828)

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tenda

CWE-476

NVD

Published: 2024-11-25

Updated: 2024-11-25

Summary

A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Vulnerable Configurations

Part	Description	Count
OS	Tenda Tenda I9 Firmware 1.0.0.8\(3828\)	1
Hardware	Tenda Tenda I9 -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/xiaobor123/tenda-vul-i9
https://vuldb.com/?ctiid.285971
https://vuldb.com/?id.285971
https://vuldb.com/?submit.446592
https://www.tenda.com.cn/