Remote Vulnerability in Tenda i22 Could Lead to Null Pointer Dereference

CVE-2024-10750

6.5MEDIUM

Key Information

Vendor: Tenda
Status: I22
Vendor: CVE Published:; 4 November 2024

Summary

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Version(s)

i22 = 1.0.0.3(4687)

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 6.5 - (MEDIUM)
Nov 4, 2024
Vulnerability published.
Nov 4, 2024
VulDB entry last update
Nov 3, 2024
Vulnerability Reserved.
Nov 3, 2024
VulDB entry created
Nov 3, 2024
Advisory disclosed
Nov 3, 2024

Collectors

NVD DatabaseMitre Database

Credit

xiaobor123 (VulDB User)