ID

VAR-202403-2072


CVE

CVE-2024-30593


TITLE

Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. FH1202 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020458

DESCRIPTION

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function. The FH1202 firmware from Shenzhen Tenda Technology Co.,Ltd. has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The vulnerability is caused by the formSetDeviceName method failing to properly validate the length of the input data in the deviceName parameter. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2024-30593 // JVNDB: JVNDB-2024-020458 // CNVD: CNVD-2024-36920

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-36920

AFFECTED PRODUCTS

vendor: tenda model: fh1202 scope: eq version: 1.2.0.14\(408\)

Trust: 1.0

vendor: tenda model: fh1202 scope: eq version: -

Trust: 0.8

vendor: tenda model: fh1202 scope: - version: -

Trust: 0.8

vendor: tenda model: fh1202 scope: eq version: fh1202 firmware 1.2.0.14(408)

Trust: 0.8

vendor: tenda model: fh1202 scope: eq version: v1.2.0.14(408)

Trust: 0.6

sources: CNVD: CNVD-2024-36920 // JVNDB: JVNDB-2024-020458 // NVD: CVE-2024-30593

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-30593
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-020458
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-36920
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-36920
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-30593
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020458
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-36920 // JVNDB: JVNDB-2024-020458 // NVD: CVE-2024-30593

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020458 // NVD: CVE-2024-30593

PATCH

title: Patch for Tenda FH1202 deviceName parameter buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/585411

Trust: 0.6

sources: CNVD: CNVD-2024-36920

EXTERNAL IDS

db: NVD id: CVE-2024-30593

Trust: 3.2

db: JVNDB id: JVNDB-2024-020458

Trust: 0.8

db: CNVD id: CNVD-2024-36920

Trust: 0.6

sources: CNVD: CNVD-2024-36920 // JVNDB: JVNDB-2024-020458 // NVD: CVE-2024-30593

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2024-30593

Trust: 1.4

url: https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1202/formsetdevicename_devname.md

Trust: 1.0

sources: CNVD: CNVD-2024-36920 // JVNDB: JVNDB-2024-020458 // NVD: CVE-2024-30593

SOURCES

db: CNVD id: CNVD-2024-36920
db: JVNDB id: JVNDB-2024-020458
db: NVD id: CVE-2024-30593

LAST UPDATE DATE

2025-03-15T23:21:33.436000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2024-36920 date: 2024-08-30T00:00:00
db: JVNDB id: JVNDB-2024-020458 date: 2025-03-14T03:11:00
db: NVD id: CVE-2024-30593 date: 2025-03-13T17:40:42.550

SOURCES RELEASE DATE

db: CNVD id: CNVD-2024-36920 date: 2024-08-30T00:00:00
db: JVNDB id: JVNDB-2024-020458 date: 2025-03-14T00:00:00
db: NVD id: CVE-2024-30593 date: 2024-03-28T13:15:47.950