Arbitrary Command Execution Vulnerability in Tenda FH1201 Product
CVE-2024-42947

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Fh1201 Firmware
Vendor: CVE Published:; 15 August 2024

Summary

The Tenda FH1201 v1.2.0.14 is susceptible to an arbitrary command execution vulnerability due to improper handling in the telnet service. An attacker can exploit this issue by sending a specially crafted HTTP request to the device. If successful, this could allow the attacker to execute arbitrary commands on the affected device, potentially compromising its integrity and security. This vulnerability highlights the importance of securing IoT devices against unauthorized access and ensuring that all services are properly configured and protected.

References

https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 15, 2024

Collectors

NVD DatabaseMitre Database