CVE-2024-12002

Summary

A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
TendaFH45120241129affected
TendaFH120120241129affected
TendaFH120220241129affected
TendaFH120620241129affected

Weaknesses

  • CWE-476: NULL Pointer Dereference
  • CWE-404: Denial of Service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References