Stack-based Buffer Overflow in Tenda FH1201 Router
CVE-2024-41465

7.5 HIGH

Key Information:

Vendor: Tenda
CVE Published: 24 July 2024

Summary

The Tenda FH1201 router, version v1.2.0.14, is susceptible to a stack-based buffer overflow caused by improper handling of the funcpara1 parameter in requests to the ip/goform/setcfm endpoint. Exploiting this vulnerability may allow an attacker to execute arbitrary code, affecting the integrity and availability of the device. Networks using this router should assess their security posture and implement the necessary mitigations against exploitation.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database