7.1

CVE-2024-10750

Exploit
A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TendaI22 Firmware Version1.0.0.3(4687)
   TendaI22 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.457
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com 7.1 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com 6.8 8 6.9
AV:N/AC:L/Au:S/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://github.com/xiaobor123/tenda-vul-i22
Third Party Advisory
Exploit
https://vuldb.com/?ctiid.282919
VDB Entry
Permissions Required
https://vuldb.com/?id.282919
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.435407
Third Party Advisory
VDB Entry