Stack-based Buffer Overflow in Tenda FH1202 Router
CVE-2024-2984

8.8HIGH

Key Information:

Vendor: Tenda
Status: Fh1202 Firmware
Vendor: CVE Published:; 27 March 2024

What is CVE-2024-2984?

A stack-based buffer overflow vulnerability has been identified in the Tenda FH1202 router, specifically in the 'formSetCfm' function of the '/goform/setcfm' file. This flaw allows for manipulation of the 'funcpara1' argument, potentially enabling attackers to execute arbitrary code remotely. The vulnerability has been publicly disclosed, raising concerns about its exploitation. As a precautionary measure, users of the Tenda FH1202 router should apply necessary security updates and consider implementing further protective measures.

References

https://vuldb.com/?id.258153

https://vuldb.com/?ctiid.258153

https://vuldb.com/?submit.301275

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024