Details of VAR-202403-2067

ID

VAR-202403-2067

CVE

CVE-2024-30606

TITLE

Shenzhen Tenda Technology Co.,Ltd. of fh1203 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020518

DESCRIPTION

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function. Shenzhen Tenda Technology Co.,Ltd. of fh1203 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda FH1203 is a dual-band wireless router released by China's Tenda, primarily used for home network coverage. This vulnerability stems from the failure of the "page" parameter in the "fromDhcpListClient" method to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-30606 // JVNDB: JVNDB-2024-020518 // CNVD: CNVD-2025-17045

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17045

AFFECTED PRODUCTS

vendor:	tenda	model:	fh1203	scope:	eq	version:	2.0.1.6	Trust: 1.0
vendor:	tenda	model:	fh1203	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	eq	version:	fh1203 firmware 2.0.1.6	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	eq	version:	v2.0.1.6	Trust: 0.6

sources: CNVD: CNVD-2025-17045 // JVNDB: JVNDB-2024-020518 // NVD: CVE-2024-30606

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-30606
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-020518
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-17045
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-17045
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-30606
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-020518
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17045 // JVNDB: JVNDB-2024-020518 // NVD: CVE-2024-30606

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-020518 // NVD: CVE-2024-30606

PATCH

title:

Patch for Tenda FH1203 fromDhcpListClient method page parameter buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/713181

Trust: 0.6

sources: CNVD: CNVD-2025-17045

EXTERNAL IDS

db:	NVD	id:	CVE-2024-30606	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-020518	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17045	Trust: 0.6

sources: CNVD: CNVD-2025-17045 // JVNDB: JVNDB-2024-020518 // NVD: CVE-2024-30606

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1203/fromdhcplistclient_page.md	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2024-30606	Trust: 0.8

sources: CNVD: CNVD-2025-17045 // JVNDB: JVNDB-2024-020518 // NVD: CVE-2024-30606

SOURCES

db:	CNVD	id:	CNVD-2025-17045
db:	JVNDB	id:	JVNDB-2024-020518
db:	NVD	id:	CVE-2024-30606

LAST UPDATE DATE

2025-07-30T23:13:06.755000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17045	date:	2025-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2024-020518	date:	2025-03-17T07:47:00
db:	NVD	id:	CVE-2024-30606	date:	2025-03-13T21:08:42.520

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17045	date:	2025-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2024-020518	date:	2025-03-17T00:00:00
db:	NVD	id:	CVE-2024-30606	date:	2024-03-28T14:15:15.480