Stack Overflow Vulnerability in Tenda FH1206 v02.03.01.35 Allows DoS via Crafted POST Request
CVE-2024-42974

7.5HIGH

Key Information:

Vendor: Tenda
Status: Fh1206 Firmware
Vendor: CVE Published:; 15 August 2024

What is CVE-2024-42974?

The Tenda FH1206 version 02.03.01.35 has been identified with a critical stack overflow vulnerability that arises from improper handling of the 'page' parameter within the 'fromwebExcptypemanFilter' function. This weakness can be exploited by attackers through specially crafted POST requests, potentially resulting in Denial of Service conditions. The significant security flaw raises serious concerns about the robustness of Tenda's IoT product offerings, exposing them to significant operational risks. Users of Tenda FH1206 should assess their devices for vulnerability and apply necessary mitigations.

References

https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2024