9
CVE-2024-4020
- EPSS 1.58%
- Veröffentlicht 20.04.2024 23:15:48
- Zuletzt bearbeitet 06.03.2025 15:00:11
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginTenda FH1206 addressNat fromAddressNat buffer overflow
A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tenda ≫ Fh1206 Firmware Version1.2.0.8(8155)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.58% | 0.722 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://palm-vertebra-fe9.notion.site/fromAddressNat_entrys-b04d5356e5f04e30b37cb9037b94e1b2
https://vuldb.com/?ctiid.261671
https://vuldb.com/?id.261671
https://vuldb.com/?submit.316036