Null Pointer Dereference Vulnerability in Tenda Routers
CVE-2024-10280

7.5HIGH

Key Information:

Vendor: Tenda
Status: Ac15 Firmware
Vendor: CVE Published:; 23 October 2024

What is CVE-2024-10280?

A vulnerability has been identified in various models of Tenda AC series routers, compromising the functionality of the websReadEvent within the /goform/GetIPTV module. The flaw lies in the manipulation of the Content-Length argument, which can lead to null pointer dereference, potentially allowing remote attackers to exploit the issue. This vulnerability affects Tenda models AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500, and AC1206, up to a specific version. The public disclosure of this exploit raises significant security concerns for users of affected products.

References

https://vuldb.com/?id.281555

https://vuldb.com/?ctiid.281555

https://vuldb.com/?submit.426417

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2024