Tenda FH1206 v02.03.01.35 Stack Overflow Vulnerability Could Lead to Denial of Service
CVE-2024-42981

7.5HIGH

Key Information:

Vendor: Tenda
Status: Fh1206 Firmware
Vendor: CVE Published:; 15 August 2024

What is CVE-2024-42981?

The Tenda FH1206 router version 02.03.01.35 is susceptible to a stack overflow vulnerability specifically within the 'fromPptpUserSetting' function. Exploitation of this vulnerability occurs via the 'delno' parameter when an attacker sends a specially crafted POST request. This flaw may allow malicious actors to induce a Denial of Service (DoS) condition, rendering the device unresponsive and impacting network availability. It is crucial for users of the affected product to implement recommended security practices and monitor for updates from Tenda Technology.

References

https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2024