Remote Code Execution Vulnerability in Tenda Networking Products
CVE-2024-12002
Key Information
- Vendor: Tenda
- Status
- Fh451
- Fh1201
- Fh1202
- Fh1206
- CVE Published: 30 November 2024
Summary
A high-risk vulnerability (CVE-2024-12002) has been identified in several Tenda networking products, including the FH451, FH1201, FH1202, and FH1206. The flaw is in the websReadEvent function of the file /goform/GetIPTV. A remote attacker can manipulate the Content-Length argument, leading to a null pointer dereference. The vulnerability has been publicly disclosed, which implies that it could be actively exploited by cybercriminals. Users are strongly advised to update their devices to mitigate the risks associated with this flaw.
Affected Version(s)
FH451 = 20241129
FH1201 = 20241129
FH1202 = 20241129
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
References
CVSS V3.1
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved