Null Pointer Dereference Vulnerability in Tenda i9 Router
CVE-2024-11650

Currently unrated

Key Information:

Vendor: Tenda
Status: I9
Vendor: CVE Published:; 25 November 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

CVE-2024-11650 highlights a critical vulnerability in the Tenda i9 router, specifically within the websReadEvent function, which is located in the /goform/GetIPTV file. This flaw leads to a null pointer dereference, allowing remote attackers to exploit the system without needing physical access. The vulnerability has been publicly disclosed, increasing the urgency for users to patch their devices. All users of Tenda i9 version 1.0.0.8(3828) should be alert to this vulnerability and ensure their devices are updated to safeguard against potential exploits.

Affected Version(s)

i9 1.0.0.8(3828)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-11650 - Proof of Concept

References

https://vuldb.com/?id.285971

vdb-entrytechnical-description

https://vuldb.com/?ctiid.285971

signaturepermissions-required

https://vuldb.com/?submit.446592

third-party-advisory

Timeline

🟡
Public PoC available
Nov 25, 2024
👾
Exploit known to exist
Nov 25, 2024
Vulnerability published
Nov 25, 2024
Vulnerability Reserved
Nov 24, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

xiaobor123 (VulDB User)