CVE-2024-7613

A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:fh1206_firmware:1.2.0.8\(8155\):*:*:*:*:*:*:*
cpe:2.3:h:tenda:fh1206:-:*:*:*:*:*:*:*

History

21 Aug 2024, 18:47

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en Tenda FH1206 1.2.0.8(8155) y clasificada como crítica. Este problema afecta la función fromGstDhcpSetSer del archivo /goform/GstDhcpSetSer. La manipulación del argumento dips conduce a un desbordamiento del búfer. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
References () https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/GstDhcpSetSer_bof%26injection - () https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/GstDhcpSetSer_bof%26injection - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.273983 - () https://vuldb.com/?ctiid.273983 - Third Party Advisory
References () https://vuldb.com/?id.273983 - () https://vuldb.com/?id.273983 - Third Party Advisory
References () https://vuldb.com/?submit.383691 - () https://vuldb.com/?submit.383691 - Third Party Advisory
CVSS v2 : 9.0
v3 : 8.8
v2 : 9.0
v3 : 9.8
First Time Tenda
Tenda fh1206
Tenda fh1206 Firmware
CPE cpe:2.3:o:tenda:fh1206_firmware:1.2.0.8\(8155\):*:*:*:*:*:*:*
cpe:2.3:h:tenda:fh1206:-:*:*:*:*:*:*:*
CWE CWE-787

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-21 18:47


NVD link : CVE-2024-7613

Mitre link : CVE-2024-7613

CVE.ORG link : CVE-2024-7613


JSON object : View

Products Affected

tenda

  • fh1206
  • fh1206_firmware
CWE
CWE-787

Out-of-bounds Write

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')