Details of VAR-202411-0258

ID

VAR-202411-0258

CVE

CVE-2024-10750

TITLE

Shenzhen Tenda Technology Co.,Ltd. of i22 in the firmware NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-012252

DESCRIPTION

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of i22 The firmware has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Tenda i22 has a code problem vulnerability, which is caused by improper handling of the parameter Content-Length, resulting in a null pointer dereference. An attacker can exploit this vulnerability to upload arbitrary files

Trust: 2.16

sources: NVD: CVE-2024-10750 // JVNDB: JVNDB-2024-012252 // CNVD: CNVD-2024-44859

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-44859

AFFECTED PRODUCTS

vendor:	tenda	model:	i22	scope:	eq	version:	1.0.0.3\(4687\)	Trust: 1.0
vendor:	tenda	model:	i22	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	i22	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	i22	scope:	eq	version:	i22 firmware 1.0.0.3(4687)	Trust: 0.8
vendor:	tenda	model:	i22	scope:	eq	version:	1.0.0.3(4687)	Trust: 0.6

sources: CNVD: CNVD-2024-44859 // JVNDB: JVNDB-2024-012252 // NVD: CVE-2024-10750

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-10750
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-10750
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2024-012252
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2024-44859
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2024-10750
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-012252
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2024-44859
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-10750
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2024-012252
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-44859 // JVNDB: JVNDB-2024-012252 // NVD: CVE-2024-10750 // NVD: CVE-2024-10750

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	NULL Pointer dereference (CWE-476) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-012252 // NVD: CVE-2024-10750

EXTERNAL IDS

db:	NVD	id:	CVE-2024-10750	Trust: 3.2
db:	VULDB	id:	282919	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-012252	Trust: 0.8
db:	CNVD	id:	CNVD-2024-44859	Trust: 0.6

sources: CNVD: CNVD-2024-44859 // JVNDB: JVNDB-2024-012252 // NVD: CVE-2024-10750

REFERENCES

url:	https://github.com/xiaobor123/tenda-vul-i22	Trust: 1.8
url:	https://vuldb.com/?id.282919	Trust: 1.8
url:	https://vuldb.com/?submit.435407	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-10750	Trust: 1.4
url:	https://vuldb.com/?ctiid.282919	Trust: 1.0

sources: CNVD: CNVD-2024-44859 // JVNDB: JVNDB-2024-012252 // NVD: CVE-2024-10750

SOURCES

db:	CNVD	id:	CNVD-2024-44859
db:	JVNDB	id:	JVNDB-2024-012252
db:	NVD	id:	CVE-2024-10750

LAST UPDATE DATE

2024-11-15T23:00:26.614000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-44859	date:	2024-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2024-012252	date:	2024-11-08T03:14:00
db:	NVD	id:	CVE-2024-10750	date:	2024-11-07T17:09:50.387

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-44859	date:	2024-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2024-012252	date:	2024-11-08T00:00:00
db:	NVD	id:	CVE-2024-10750	date:	2024-11-04T02:15:14.667