Stack-Based Buffer Overflow in Tenda FH1206 Product
CVE-2024-34944

8.8HIGH

Key Information:

Vendor: Tenda
Status: Fh1206 Firmware
Vendor: CVE Published:; 14 May 2024

Summary

A stack-based buffer overflow vulnerability was identified in the Tenda FH1206 wireless router at the ip/goform/DhcpListClient endpoint. This vulnerability arises due to improper handling of the list1 parameter, which can lead to potential unauthorized access or execution of arbitrary code. Users are advised to review their firmware versions and apply necessary updates to mitigate this risk.

References

https://www.tendacn.com/hk/download/detail-2344.html

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024