Details of VAR-202403-2446

ID

VAR-202403-2446

CVE

CVE-2024-30600

TITLE

Shenzhen Tenda Technology Co.,Ltd. of fh1203 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020765

DESCRIPTION

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. Shenzhen Tenda Technology Co.,Ltd. of fh1203 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda FH1203 is a dual-band wireless router released by China's Tenda, primarily used for home network coverage. This vulnerability stems from the failure of the schedEndTime parameter in the setSchedWifi method to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-30600 // JVNDB: JVNDB-2024-020765 // CNVD: CNVD-2025-17050

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17050

AFFECTED PRODUCTS

vendor:	tenda	model:	fh1203	scope:	eq	version:	2.0.1.6	Trust: 1.0
vendor:	tenda	model:	fh1203	scope:	eq	version:	fh1203 firmware 2.0.1.6	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	fh1203	scope:	eq	version:	v2.0.1.6	Trust: 0.6

sources: CNVD: CNVD-2025-17050 // JVNDB: JVNDB-2024-020765 // NVD: CVE-2024-30600

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-30600
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-020765
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-17050
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-17050
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-30600
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-020765
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-17050 // JVNDB: JVNDB-2024-020765 // NVD: CVE-2024-30600

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-020765 // NVD: CVE-2024-30600

PATCH

title:

Patch for Tenda FH1203 setSchedWifi method schedEndTime parameter buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/713221

Trust: 0.6

sources: CNVD: CNVD-2025-17050

EXTERNAL IDS

db:	NVD	id:	CVE-2024-30600	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-020765	Trust: 0.8
db:	CNVD	id:	CNVD-2025-17050	Trust: 0.6

sources: CNVD: CNVD-2025-17050 // JVNDB: JVNDB-2024-020765 // NVD: CVE-2024-30600

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1203/setschedwifi_end.md	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2024-30600	Trust: 0.8

sources: CNVD: CNVD-2025-17050 // JVNDB: JVNDB-2024-020765 // NVD: CVE-2024-30600

SOURCES

db:	CNVD	id:	CNVD-2025-17050
db:	JVNDB	id:	JVNDB-2024-020765
db:	NVD	id:	CVE-2024-30600

LAST UPDATE DATE

2025-07-30T23:10:07.493000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17050	date:	2025-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2024-020765	date:	2025-03-24T06:11:00
db:	NVD	id:	CVE-2024-30600	date:	2025-03-13T19:50:17.697

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17050	date:	2025-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2024-020765	date:	2025-03-24T00:00:00
db:	NVD	id:	CVE-2024-30600	date:	2024-03-28T15:15:46.603