Tenda FH451 vulnerable to remote null pointer dereference exploit
CVE-2024-12002
4.3MEDIUM
Key Information
- Vendor
- Tenda
- Status
- Fh451
- Fh1201
- Fh1202
- Fh1206
- Vendor
- CVE Published:
- 30 November 2024
Summary
A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Affected Version(s)
FH451 = 20241129
FH1201 = 20241129
FH1202 = 20241129
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 4.3 - (MEDIUM)
Vulnerability published.
VulDB entry last update
Vulnerability Reserved.
VulDB entry created
Advisory disclosed
Collectors
NVD DatabaseMitre Database
Credit
Kalv1n2077 (VulDB User)