CVE-2024-7615

A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:fh1206_firmware:1.2.0.8\(8155\):*:*:*:*:*:*:*
cpe:2.3:h:tenda:fh1206:-:*:*:*:*:*:*:*

History

21 Aug 2024, 18:48

Type Values Removed Values Added
CVSS v2 : 9.0
v3 : 8.8
v2 : 9.0
v3 : 9.8
CPE cpe:2.3:o:tenda:fh1206_firmware:1.2.0.8\(8155\):*:*:*:*:*:*:*
cpe:2.3:h:tenda:fh1206:-:*:*:*:*:*:*:*
Summary
  • (es) Se encontró una vulnerabilidad en Tenda FH1206 1.2.0.8. Ha sido declarada crítica. La función fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter es afectada por esta vulnerabilidad. La manipulación conduce a un desbordamiento del búfer basado en pila. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
CWE CWE-787
First Time Tenda
Tenda fh1206
Tenda fh1206 Firmware
References () https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/Safe_Client_or_Url_or_Mac_Filter_bof - () https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/Safe_Client_or_Url_or_Mac_Filter_bof - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.273985 - () https://vuldb.com/?ctiid.273985 - Third Party Advisory
References () https://vuldb.com/?id.273985 - () https://vuldb.com/?id.273985 - Third Party Advisory
References () https://vuldb.com/?submit.383693 - () https://vuldb.com/?submit.383693 - Third Party Advisory

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-21 18:48


NVD link : CVE-2024-7615

Mitre link : CVE-2024-7615

CVE.ORG link : CVE-2024-7615


JSON object : View

Products Affected

tenda

  • fh1206
  • fh1206_firmware
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow