Stack-based Buffer Overflow in Tenda FH1201 Router
CVE-2024-41465

7.5HIGH

Key Information:

Vendor: Tenda
Status: Fh1201 Firmware
Vendor: CVE Published:; 24 July 2024

What is CVE-2024-41465?

The Tenda FH1201 router, specifically version v1.2.0.14, is susceptible to a stack-based buffer overflow due to improper handling of the funcpara1 parameter during interaction with the ip/goform/setcfm endpoint. Exploiting this vulnerability potentially allows an attacker to execute arbitrary code, affecting the integrity and availability of the device. Network environments utilizing this router should assess their security posture and implement necessary mitigations to safeguard against potential exploitation.

References

https://github.com/iotresearch/iot-vuln/tree/main/Tenda/F...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2024
Vulnerability Reserved
Jul 18, 2024