Details of VAR-202403-2444

ID

VAR-202403-2444

CVE

CVE-2024-30607

TITLE

Shenzhen Tenda Technology Co.,Ltd. of fh1203 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020504

DESCRIPTION

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. Shenzhen Tenda Technology Co.,Ltd. of fh1203 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda FH1203 is a dual-band wireless router released by China's Tenda, primarily used for home network coverage. This vulnerability stems from the failure of the deviceId parameter in the saveParentControlInfo method to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-30607 // JVNDB: JVNDB-2024-020504 // CNVD: CNVD-2025-17046

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17046

AFFECTED PRODUCTS

vendor:	tenda	model:	fh1203	scope:	eq	version:	2.0.1.6	Trust: 1.0
vendor:	tenda	model:	fh1203	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	eq	version:	fh1203 firmware 2.0.1.6	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	eq	version:	v2.0.1.6	Trust: 0.6

sources: CNVD: CNVD-2025-17046 // JVNDB: JVNDB-2024-020504 // NVD: CVE-2024-30607

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-30607
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-020504
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-17046
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-17046
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-30607
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-020504
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17046 // JVNDB: JVNDB-2024-020504 // NVD: CVE-2024-30607

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-020504 // NVD: CVE-2024-30607

PATCH

title:

Patch for Tenda FH1203 saveParentControlInfo method deviceId parameter buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/713206

Trust: 0.6

sources: CNVD: CNVD-2025-17046

EXTERNAL IDS

db:	NVD	id:	CVE-2024-30607	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-020504	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17046	Trust: 0.6

sources: CNVD: CNVD-2025-17046 // JVNDB: JVNDB-2024-020504 // NVD: CVE-2024-30607

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1203/saveparentcontrolinfo_deviceid.md	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2024-30607	Trust: 0.8

sources: CNVD: CNVD-2025-17046 // JVNDB: JVNDB-2024-020504 // NVD: CVE-2024-30607

SOURCES

db:	CNVD	id:	CNVD-2025-17046
db:	JVNDB	id:	JVNDB-2024-020504
db:	NVD	id:	CVE-2024-30607

LAST UPDATE DATE

2025-07-30T22:50:12.568000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17046	date:	2025-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2024-020504	date:	2025-03-17T03:06:00
db:	NVD	id:	CVE-2024-30607	date:	2025-03-13T21:10:36.017

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17046	date:	2025-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2024-020504	date:	2025-03-17T00:00:00
db:	NVD	id:	CVE-2024-30607	date:	2024-03-28T14:15:15.530