Sign-up

ID

VAR-202403-1306


CVE

CVE-2024-30597


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  fh1203  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020766

DESCRIPTION

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. Shenzhen Tenda Technology Co.,Ltd. of fh1203 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda FH1203 is a dual-band wireless router released by China's Tenda Group, primarily used for home network coverage. This vulnerability stems from the fact that the security parameter in the formWifiBasicSet method fails to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-30597 // JVNDB: JVNDB-2024-020766 // CNVD: CNVD-2025-17043

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-17043

AFFECTED PRODUCTS

vendor:tendamodel:fh1203scope:eqversion:2.0.1.6

Trust: 1.0

vendor:tendamodel:fh1203scope:eqversion:fh1203 firmware 2.0.1.6

Trust: 0.8

vendor:tendamodel:fh1203scope: - version: -

Trust: 0.8

vendor:tendamodel:fh1203scope:eqversion: -

Trust: 0.8

vendor:tendamodel:fh1203scope:eqversion:v2.0.1.6

Trust: 0.6

sources: CNVD: CNVD-2025-17043 // JVNDB: JVNDB-2024-020766 // NVD: CVE-2024-30597

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-30597
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-020766
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-17043
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-17043
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-30597
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020766
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-17043 // JVNDB: JVNDB-2024-020766 // NVD: CVE-2024-30597

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020766 // NVD: CVE-2024-30597

PATCH

title:Patch for Tenda FH1203 formWifiBasicSet method security parameter buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/713156

Trust: 0.6

sources: CNVD: CNVD-2025-17043

EXTERNAL IDS

db:NVDid:CVE-2024-30597

Trust: 3.2

db:JVNDBid:JVNDB-2024-020766

Trust: 0.8

db:CNVDid:CNVD-2025-17043

Trust: 0.6

sources: CNVD: CNVD-2025-17043 // JVNDB: JVNDB-2024-020766 // NVD: CVE-2024-30597

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1203/formwifibasicset_security.md

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2024-30597

Trust: 0.8

sources: CNVD: CNVD-2025-17043 // JVNDB: JVNDB-2024-020766 // NVD: CVE-2024-30597

SOURCES

db:CNVDid:CNVD-2025-17043
db:JVNDBid:JVNDB-2024-020766
db:NVDid:CVE-2024-30597

LAST UPDATE DATE

2025-07-30T23:04:35.962000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-17043date:2025-07-29T00:00:00
db:JVNDBid:JVNDB-2024-020766date:2025-03-24T06:11:00
db:NVDid:CVE-2024-30597date:2025-03-13T19:51:13.307

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-17043date:2025-07-29T00:00:00
db:JVNDBid:JVNDB-2024-020766date:2025-03-24T00:00:00
db:NVDid:CVE-2024-30597date:2024-03-28T15:15:46.407