ID

VAR-202404-0244


CVE

CVE-2024-4020


TITLE

Tenda FH1206 Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-24958

DESCRIPTION

A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda FH1206 is a wireless router from China's Tenda company. No further vulnerability details are provided at present.

Trust: 1.44

sources: NVD: CVE-2024-4020 // CNVD: CNVD-2024-24958

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-24958

AFFECTED PRODUCTS

vendor: tenda, model: fh1206, scope: eq, version: 1.2.0.8(8155)

Trust: 0.6

sources: CNVD: CNVD-2024-24958

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-4020
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-24958
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2024-4020
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2024-24958
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-4020
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-24958 // NVD: CVE-2024-4020

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

sources: NVD: CVE-2024-4020

EXTERNAL IDS

db: NVD, id: CVE-2024-4020

Trust: 1.6

db: VULDB, id: 261671

Trust: 1.0

db: CNVD, id: CNVD-2024-24958

Trust: 0.6

sources: CNVD: CNVD-2024-24958 // NVD: CVE-2024-4020

REFERENCES

url:https://palm-vertebra-fe9.notion.site/fromaddressnat_entrys-b04d5356e5f04e30b37cb9037b94e1b2

Trust: 1.0

url:https://vuldb.com/?ctiid.261671

Trust: 1.0

url:https://vuldb.com/?id.261671

Trust: 1.0

url:https://vuldb.com/?submit.316036

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2024-4020

Trust: 0.6

sources: CNVD: CNVD-2024-24958 // NVD: CVE-2024-4020

SOURCES

db: CNVD, id: CNVD-2024-24958
db: NVD, id: CVE-2024-4020

LAST UPDATE DATE

2024-08-14T14:09:27.494000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-24958, date: 2024-05-30T00:00:00
db: NVD, id: CVE-2024-4020, date: 2024-06-04T19:20:28.390

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-24958, date: 2024-05-29T00:00:00
db: NVD, id: CVE-2024-4020, date: 2024-04-20T23:15:48.183