6.5
CVE-2024-12002
- EPSS 0.12%
- Veröffentlicht 30.11.2024 13:15:04
- Zuletzt bearbeitet 10.12.2024 23:21:19
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tenda ≫ Fh451 Firmware Version1.0.0.5
Tenda ≫ Fh451 Firmware Version1.0.0.7
Tenda ≫ Fh451 Firmware Version1.0.0.9
Tenda ≫ Fh1201 Firmware Version1.2.0.8(8155)
Tenda ≫ Fh1201 Firmware Version1.2.0.14(408)_en
Tenda ≫ Fh1202 Firmware Version1.2.0.9
Tenda ≫ Fh1202 Firmware Version1.2.0.14(408)
Tenda ≫ Fh1202 Firmware Version1.2.0.14(408)_en
Tenda ≫ Fh1206 Firmware Version1.2.0.8(8155)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.307 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| cna@vuldb.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
| cna@vuldb.com | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
CWE-404 Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.