Vulnerabilities > CVE-2024-12002 - NULL Pointer Dereference vulnerability in Tenda products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tenda

CWE-476

NVD

Published: 2024-11-30

Updated: 2024-12-10

Summary

A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vulnerable Configurations

Part	Description	Count
OS	Tenda Tenda Fh451 Firmware 1.0.0.5 Tenda Fh451 Firmware 1.0.0.7 Tenda Fh451 Firmware 1.0.0.9 Tenda Fh1201 Firmware 1.2.0.8\(8155\) Tenda Fh1201 Firmware 1.2.0.14\(408\)_En Tenda Fh1202 Firmware 1.2.0.9 Tenda Fh1202 Firmware 1.2.0.14\(408\) Tenda Fh1202 Firmware 1.2.0.14\(408\)_En Tenda Fh1206 Firmware 1.2.0.8\(8155\)	9
Hardware	Tenda Tenda Fh451 - Tenda Fh1201 - Tenda Fh1202 - Tenda Fh1206 -	4

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References