Stack-based Buffer Overflow in Tenda FH1201 Router
CVE-2024-41459

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Fh1201 Firmware
Vendor: CVE Published:; 24 July 2024

What is CVE-2024-41459?

The Tenda FH1201 router version 1.2.0.14 is vulnerable to a stack-based buffer overflow due to improper validation of the PPPOEPassword parameter at the ip/goform/QuickIndex endpoint. This vulnerability can be exploited by an attacker to execute arbitrary code on the affected device, potentially compromising the router's integrity and security. Users of the Tenda FH1201 should take immediate action to secure their devices against potential exploitation.

References

https://github.com/iotresearch/iot-vuln/blob/main/Tenda/F...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2024
Vulnerability Reserved
Jul 18, 2024