Arbitrary Command Execution Vulnerability in Tenda FH1201 Product
CVE-2024-42947

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Fh1201 Firmware
Vendor: CVE Published:; 15 August 2024

What is CVE-2024-42947?

The Tenda FH1201 v1.2.0.14 is susceptible to an arbitrary command execution vulnerability due to improper handling in the telnet service. An attacker can exploit this issue by sending a specially crafted HTTP request to the device. If successful, this could allow the attacker to execute arbitrary commands on the affected device, potentially compromising its integrity and security. This vulnerability highlights the importance of securing IoT devices against unauthorized access and ensuring that all services are properly configured and protected.

References

https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2024