Tenda FH1206 v02.03.01.35 Vulnerability: Stack Overflow Leads to Denial of Service
CVE-2024-42969

7.5HIGH

Key Information:

Vendor: Tenda
Status: Fh1206 Firmware
Vendor: CVE Published:; 15 August 2024

What is CVE-2024-42969?

The Tenda FH1206 router, specifically version v02.03.01.35, contains a vulnerability that arises from a stack overflow issue in the fromSafeUrlFilter function. Attackers can exploit this weakness by sending a specially crafted POST request, which may lead to a Denial of Service (DoS), disrupting the normal operation of the device. This vulnerability highlights potential risks in IoT devices and the importance of securing router firmware against such exploit techniques.

References

https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2024