ID

VAR-202411-1755


CVE

CVE-2024-12002


TITLE

NULL pointer dereference vulnerability in multiple Shenzhen Tenda Technology Co.,Ltd. products

Trust: 0.8

sources: JVNDB: JVNDB-2024-014434

DESCRIPTION

A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Multiple Shenzhen Tenda Technology Co.,Ltd. products, including fh451 firmware, fh1201 firmware and FH1202 firmware, contain a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2024-12002 // JVNDB: JVNDB-2024-014434

AFFECTED PRODUCTS

vendor: tenda, model: fh1202, scope: eq, version: 1.2.0.14\(408\)_en

Trust: 1.0

vendor: tenda, model: fh451, scope: eq, version: 1.0.0.7

Trust: 1.0

vendor: tenda, model: fh1202, scope: eq, version: 1.2.0.9

Trust: 1.0

vendor: tenda, model: fh1201, scope: eq, version: 1.2.0.8\(8155\)

Trust: 1.0

vendor: tenda, model: fh1206, scope: eq, version: 1.2.0.8\(8155\)

Trust: 1.0

vendor: tenda, model: fh1202, scope: eq, version: 1.2.0.14\(408\)

Trust: 1.0

vendor: tenda, model: fh1201, scope: eq, version: 1.2.0.14\(408\)_en

Trust: 1.0

vendor: tenda, model: fh451, scope: eq, version: 1.0.0.9

Trust: 1.0

vendor: tenda, model: fh451, scope: eq, version: 1.0.0.5

Trust: 1.0

vendor: tenda, model: fh1206, scope: -, version: -

Trust: 0.8

vendor: tenda, model: fh1202, scope: -, version: -

Trust: 0.8

vendor: tenda, model: fh451, scope: -, version: -

Trust: 0.8

vendor: tenda, model: fh1201, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-014434 // NVD: CVE-2024-12002

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-12002
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-12002
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-014434
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2024-12002
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-014434
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2024-12002
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-12002
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-014434
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-014434 // NVD: CVE-2024-12002 // NVD: CVE-2024-12002

PROBLEMTYPE DATA

problemtype: CWE-404

Trust: 1.0

problemtype: CWE-476

Trust: 1.0

problemtype: Improper shutdown and release of resources (CWE-404) [others]

Trust: 0.8

problemtype: NULL pointer dereference (CWE-476) [others]

Trust: 0.8

problemtype: NULL pointer dereference (CWE-476) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-014434 // NVD: CVE-2024-12002

EXTERNAL IDS

db: NVD, id: CVE-2024-12002

Trust: 2.6

db: VULDB, id: 286417

Trust: 1.8

db: JVNDB, id: JVNDB-2024-014434

Trust: 0.8

sources: JVNDB: JVNDB-2024-014434 // NVD: CVE-2024-12002

REFERENCES

url:https://github.com/kalvin2077/tenda-fh-cve

Trust: 1.8

url:https://vuldb.com/?id.286417

Trust: 1.8

url:https://vuldb.com/?submit.453974

Trust: 1.8

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?ctiid.286417

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-12002

Trust: 0.8

sources: JVNDB: JVNDB-2024-014434 // NVD: CVE-2024-12002

SOURCES

db: JVNDB, id: JVNDB-2024-014434
db: NVD, id: CVE-2024-12002

LAST UPDATE DATE

2024-12-13T23:06:41.351000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-014434, date: 2024-12-12T01:35:00
db: NVD, id: CVE-2024-12002, date: 2024-12-10T23:21:19.827

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-014434, date: 2024-12-12T00:00:00
db: NVD, id: CVE-2024-12002, date: 2024-11-30T13:15:04.610