ID

VAR-202410-1497


CVE

CVE-2024-10280


TITLE

NULL pointer dereference vulnerability in multiple Shenzhen Tenda Technology Co.,Ltd. products

Trust: 0.8

sources: JVNDB: JVNDB-2024-011851

DESCRIPTION

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. AC15 firmware, AC7 firmware, AC10U firmware and other products contain a NULL pointer dereference vulnerability. The affected product may be put into a service operation interruption (DoS) state.

Trust: 1.62

sources: NVD: CVE-2024-10280 // JVNDB: JVNDB-2024-011851

AFFECTED PRODUCTS

vendor: tenda, model: ac1206, scope: eq, version: 15.03.06.23

Trust: 1.0

vendor: tenda, model: ac18, scope: eq, version: 15.03.05.19(6318)

Trust: 1.0

vendor: tenda, model: ac10, scope: eq, version: 16.03.48.23

Trust: 1.0

vendor: tenda, model: ac9, scope: eq, version: 15.03.2.13

Trust: 1.0

vendor: tenda, model: ac500, scope: eq, version: 1.0.0.16

Trust: 1.0

vendor: tenda, model: ac10, scope: eq, version: 16.03.10.20

Trust: 1.0

vendor: tenda, model: ac9, scope: eq, version: 15.03.06.42

Trust: 1.0

vendor: tenda, model: ac8, scope: eq, version: 16.03.34.09

Trust: 1.0

vendor: tenda, model: ac7, scope: eq, version: 15.03.06.44

Trust: 1.0

vendor: tenda, model: ac500, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: tenda, model: ac500, scope: eq, version: 2.0.1.9(1307)

Trust: 1.0

vendor: tenda, model: ac15, scope: eq, version: 15.03.05.19

Trust: 1.0

vendor: tenda, model: ac15, scope: eq, version: 15.03.05.18

Trust: 1.0

vendor: tenda, model: ac8, scope: eq, version: 16.03.34.06

Trust: 1.0

vendor: tenda, model: ac9, scope: eq, version: 15.03.05.19(6318)

Trust: 1.0

vendor: tenda, model: ac10, scope: eq, version: 16.03.48.19

Trust: 1.0

vendor: tenda, model: ac10u, scope: eq, version: 15.03.06.48

Trust: 1.0

vendor: tenda, model: ac18, scope: eq, version: 15.03.05.05

Trust: 1.0

vendor: tenda, model: ac10, scope: eq, version: 16.03.10.13

Trust: 1.0

vendor: tenda, model: ac10u, scope: eq, version: 15.03.06.49

Trust: 1.0

vendor: tenda, model: ac9, scope: eq, version: 15.03.05.14

Trust: 1.0

vendor: tenda, model: ac6, scope: eq, version: 15.03.06.23

Trust: 1.0

vendor: tenda, model: ac10, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac7, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac18, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac10u, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac15, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac1206, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac6, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac9, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac500, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-011851 // NVD: CVE-2024-10280

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-10280
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-10280
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-011851
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2024-10280
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-011851
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2024-10280
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-10280
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-011851
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-011851 // NVD: CVE-2024-10280 // NVD: CVE-2024-10280

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-011851 // NVD: CVE-2024-10280

EXTERNAL IDS

db: NVD, id: CVE-2024-10280

Trust: 2.6

db: VULDB, id: 281555

Trust: 1.8

db: JVNDB, id: JVNDB-2024-011851

Trust: 0.8

sources: JVNDB: JVNDB-2024-011851 // NVD: CVE-2024-10280

REFERENCES

url:https://github.com/johenanli/router_vuls/blob/main/websreadevent/websreadevent.md

Trust: 1.8

url:https://vuldb.com/?id.281555

Trust: 1.8

url:https://vuldb.com/?submit.426417

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?ctiid.281555

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-10280

Trust: 0.8

sources: JVNDB: JVNDB-2024-011851 // NVD: CVE-2024-10280

SOURCES

db: JVNDB, id: JVNDB-2024-011851
db: NVD, id: CVE-2024-10280

LAST UPDATE DATE

2024-11-07T22:35:04.235000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-011851, date: 2024-11-05T02:27:00
db: NVD, id: CVE-2024-10280, date: 2024-11-01T14:03:20.267

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-011851, date: 2024-11-05T00:00:00
db: NVD, id: CVE-2024-10280, date: 2024-10-23T14:15:04.500