ID

VAR-202403-2066


CVE

CVE-2024-30612


TITLE

Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. ac10u firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020569

DESCRIPTION

Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, and limitSpeedUp parameters of the formSetClientState function. A stack-based buffer overflow vulnerability exists in the ac10u firmware from Shenzhen Tenda Technology Co.,Ltd. Information may be obtained and information may be tampered with. The Tenda AC10U is a dual-band Gigabit router that implements the 802.11ac Wave 2.0 standard and supports MU-MIMO technology, offering high wall penetration and stable transmission. The vulnerability stems from the failure of the formSetClientState method to properly validate the length of input data for the deviceId, limitSpeed, and limitSpeedUp parameters. Detailed vulnerability details are currently unavailable.

Trust: 2.16

sources: NVD: CVE-2024-30612 // JVNDB: JVNDB-2024-020569 // CNVD: CNVD-2025-17348

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-17348

AFFECTED PRODUCTS

vendor: tenda model: ac10u scope: eq version: 15.03.06.48

Trust: 1.6

vendor: tenda model: ac10u scope: eq version: -

Trust: 0.8

vendor: tenda model: ac10u scope: - version: -

Trust: 0.8

vendor: tenda model: ac10u scope: eq version: ac10u firmware 15.03.06.48

Trust: 0.8

sources: CNVD: CNVD-2025-17348 // JVNDB: JVNDB-2024-020569 // NVD: CVE-2024-30612

CVSS

SEVERITY

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-30612
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-020569
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-17348
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-17348
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-30612
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020569
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-17348 // JVNDB: JVNDB-2024-020569 // NVD: CVE-2024-30612

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020569 // NVD: CVE-2024-30612

PATCH

title: Patch for Tenda AC10U Buffer Overflow Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/714501

Trust: 0.6

sources: CNVD: CNVD-2025-17348

EXTERNAL IDS

db: NVD id: CVE-2024-30612

Trust: 3.2

db: JVNDB id: JVNDB-2024-020569

Trust: 0.8

db: CNVD id: CNVD-2025-17348

Trust: 0.6

sources: CNVD: CNVD-2025-17348 // JVNDB: JVNDB-2024-020569 // NVD: CVE-2024-30612

REFERENCES

url: https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac10u/v1.v15.03.06.48/more/formsetclientstate.md

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2024-30612

Trust: 0.8

sources: CNVD: CNVD-2025-17348 // JVNDB: JVNDB-2024-020569 // NVD: CVE-2024-30612

SOURCES

db: CNVD id: CNVD-2025-17348
db: JVNDB id: JVNDB-2024-020569
db: NVD id: CVE-2024-30612

LAST UPDATE DATE

2025-08-02T23:20:47.251000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2025-17348 date: 2025-08-01T00:00:00
db: JVNDB id: JVNDB-2024-020569 date: 2025-03-19T01:19:00
db: NVD id: CVE-2024-30612 date: 2025-03-17T14:21:36.410

SOURCES RELEASE DATE

db: CNVD id: CNVD-2025-17348 date: 2025-07-31T00:00:00
db: JVNDB id: JVNDB-2024-020569 date: 2025-03-19T00:00:00
db: NVD id: CVE-2024-30612 date: 2024-03-28T15:15:46.907