Sign-up

ID

VAR-202403-3052


CVE

CVE-2024-30623


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  fh1205  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020503

DESCRIPTION

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function. Shenzhen Tenda Technology Co.,Ltd. of fh1205 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. This vulnerability stems from the failure of the page parameter in the fromDhcpListClient method to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-30623 // JVNDB: JVNDB-2024-020503 // CNVD: CNVD-2025-21467

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-21467

AFFECTED PRODUCTS

vendor:tendamodel:fh1205scope:eqversion:2.0.0.7\(775\)

Trust: 1.0

vendor:tendamodel:fh1205scope:eqversion: -

Trust: 0.8

vendor:tendamodel:fh1205scope: - version: -

Trust: 0.8

vendor:tendamodel:fh1205scope:eqversion:fh1205 firmware 2.0.0.7(775)

Trust: 0.8

vendor:tendamodel:fh1205scope:eqversion:v2.0.0.7(775)

Trust: 0.6

sources: CNVD: CNVD-2025-21467 // JVNDB: JVNDB-2024-020503 // NVD: CVE-2024-30623

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-30623
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-020503
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-21467
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-21467
severity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-30623
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020503
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-21467 // JVNDB: JVNDB-2024-020503 // NVD: CVE-2024-30623

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020503 // NVD: CVE-2024-30623

PATCH

title:Patch for Tenda FH1205 Stack Buffer Overflow Vulnerability (CNVD-2025-21467)url:https://www.cnvd.org.cn/patchInfo/show/732711

Trust: 0.6

sources: CNVD: CNVD-2025-21467

EXTERNAL IDS

db:NVDid:CVE-2024-30623

Trust: 3.2

db:JVNDBid:JVNDB-2024-020503

Trust: 0.8

db:CNVDid:CNVD-2025-21467

Trust: 0.6

sources: CNVD: CNVD-2025-21467 // JVNDB: JVNDB-2024-020503 // NVD: CVE-2024-30623

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1205/fromdhcplistclient_page.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-30623

Trust: 1.4

sources: CNVD: CNVD-2025-21467 // JVNDB: JVNDB-2024-020503 // NVD: CVE-2024-30623

SOURCES

db:CNVDid:CNVD-2025-21467
db:JVNDBid:JVNDB-2024-020503
db:NVDid:CVE-2024-30623

LAST UPDATE DATE

2025-09-19T23:22:57.820000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-21467date:2025-09-17T00:00:00
db:JVNDBid:JVNDB-2024-020503date:2025-03-17T03:05:00
db:NVDid:CVE-2024-30623date:2025-03-13T21:23:05.313

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-21467date:2025-09-17T00:00:00
db:JVNDBid:JVNDB-2024-020503date:2025-03-17T00:00:00
db:NVDid:CVE-2024-30623date:2024-03-29T13:15:15.913