Details of VAR-202403-2445

ID

VAR-202403-2445

CVE

CVE-2024-30602

TITLE

Shenzhen Tenda Technology Co.,Ltd. of fh1203 Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020418

DESCRIPTION

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. Shenzhen Tenda Technology Co.,Ltd. of fh1203 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda FH1203 is a dual-band wireless router released by China's Tenda, primarily used for home network coverage. This vulnerability stems from the failure of the schedStartTime parameter in the setSchedWifi method to properly validate the length of the input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-30602 // JVNDB: JVNDB-2024-020418 // CNVD: CNVD-2025-17049

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17049

AFFECTED PRODUCTS

vendor:	tenda	model:	fh1203	scope:	eq	version:	2.0.1.6	Trust: 1.0
vendor:	tenda	model:	fh1203	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	eq	version:	fh1203 firmware 2.0.1.6	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	eq	version:	v2.0.1.6	Trust: 0.6

sources: CNVD: CNVD-2025-17049 // JVNDB: JVNDB-2024-020418 // NVD: CVE-2024-30602

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-30602
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2024-020418
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-17049
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-17049
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-30602
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-020418
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17049 // JVNDB: JVNDB-2024-020418 // NVD: CVE-2024-30602

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-020418 // NVD: CVE-2024-30602

PATCH

title:

Patch for Tenda FH1203 setSchedWifi method schedStartTime parameter buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/713226

Trust: 0.6

sources: CNVD: CNVD-2025-17049

EXTERNAL IDS

db:	NVD	id:	CVE-2024-30602	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-020418	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17049	Trust: 0.6

sources: CNVD: CNVD-2025-17049 // JVNDB: JVNDB-2024-020418 // NVD: CVE-2024-30602

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1203/setschedwifi_start.md	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2024-30602	Trust: 0.8

sources: CNVD: CNVD-2025-17049 // JVNDB: JVNDB-2024-020418 // NVD: CVE-2024-30602

SOURCES

db:	CNVD	id:	CNVD-2025-17049
db:	JVNDB	id:	JVNDB-2024-020418
db:	NVD	id:	CVE-2024-30602

LAST UPDATE DATE

2025-07-30T23:13:06.720000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17049	date:	2025-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2024-020418	date:	2025-03-14T01:38:00
db:	NVD	id:	CVE-2024-30602	date:	2025-03-13T19:49:37.080

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17049	date:	2025-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2024-020418	date:	2025-03-14T00:00:00
db:	NVD	id:	CVE-2024-30602	date:	2024-03-28T15:15:46.723