Sign-up

ID

VAR-202408-2434


CVE

CVE-2024-44387


TITLE

tencacn  of  fh1206  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-006818

DESCRIPTION

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtraGet. tencacn of fh1206 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1206 is a wireless router from China's Tenda company. The vulnerability is caused by the formWrlExtraGet function failing to properly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Trust: 2.16

sources: NVD: CVE-2024-44387 // JVNDB: JVNDB-2024-006818 // CNVD: CNVD-2024-37338

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-37338

AFFECTED PRODUCTS

vendor:tendamodel:fh1206scope:eqversion:1.2.0.8\(8155\)

Trust: 1.0

vendor:tencacnmodel:fh1206scope: - version: -

Trust: 0.8

vendor:tencacnmodel:fh1206scope:eqversion: -

Trust: 0.8

vendor:tencacnmodel:fh1206scope:eqversion:fh1206 firmware 1.2.0.8(8155) en

Trust: 0.8

vendor:tendamodel:fh1206 v1.2.0.8 enscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2024-37338 // JVNDB: JVNDB-2024-006818 // NVD: CVE-2024-44387

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-44387
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-44387
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-44387
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-37338
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-37338
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-44387
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2024-44387
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-37338 // JVNDB: JVNDB-2024-006818 // NVD: CVE-2024-44387 // NVD: CVE-2024-44387

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-006818 // NVD: CVE-2024-44387

PATCH

title:Patch for Tenda FH1206 formWrlExtraGet function buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/585551

Trust: 0.6

sources: CNVD: CNVD-2024-37338

EXTERNAL IDS

db:NVDid:CVE-2024-44387

Trust: 3.2

db:JVNDBid:JVNDB-2024-006818

Trust: 0.8

db:CNVDid:CNVD-2024-37338

Trust: 0.6

sources: CNVD: CNVD-2024-37338 // JVNDB: JVNDB-2024-006818 // NVD: CVE-2024-44387

REFERENCES

url:https://github.com/groundctl2majortom/pocs/blob/main/tenda_fh1206_buffer_overflow1.md

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2024-44387

Trust: 0.8

sources: CNVD: CNVD-2024-37338 // JVNDB: JVNDB-2024-006818 // NVD: CVE-2024-44387

SOURCES

db:CNVDid:CNVD-2024-37338
db:JVNDBid:JVNDB-2024-006818
db:NVDid:CVE-2024-44387

LAST UPDATE DATE

2024-12-13T23:18:27.611000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-37338date:2024-09-04T00:00:00
db:JVNDBid:JVNDB-2024-006818date:2024-08-29T06:46:00
db:NVDid:CVE-2024-44387date:2024-12-13T15:15:24.313

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-37338date:2024-08-30T00:00:00
db:JVNDBid:JVNDB-2024-006818date:2024-08-29T00:00:00
db:NVDid:CVE-2024-44387date:2024-08-23T17:15:10.243