ID
VAR-202403-3146
CVE
CVE-2024-30629
TITLE
Shenzhen Tenda Technology Co.,Ltd. of fh1205 Stack-based buffer overflow vulnerability in firmware
Trust: 0.8
DESCRIPTION
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function. Shenzhen Tenda Technology Co.,Ltd. of fh1205 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. This vulnerability stems from the failure of the list1 parameter in the fromDhcpListClient method to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial of service
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tenda | model: | fh1205 | scope: | eq | version: | 2.0.0.7\(775\) | Trust: 1.0 |
| vendor: | tenda | model: | fh1205 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | fh1205 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | fh1205 | scope: | eq | version: | fh1205 firmware 2.0.0.7(775) | Trust: 0.8 |
| vendor: | tenda | model: | fh1205 | scope: | eq | version: | v2.0.0.7(775) | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-121 | Trust: 1.0 |
| problemtype: | Stack-based buffer overflow (CWE-121) [ others ] | Trust: 0.8 |
PATCH
| title: | Patch for Tenda FH1205 Stack Buffer Overflow Vulnerability (CNVD-2025-21466) | url: | https://www.cnvd.org.cn/patchInfo/show/732706 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-30629 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2024-020507 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-21466 | Trust: 0.6 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-30629 | Trust: 1.4 |
| url: | https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1205/fromdhcplistclient_list1.md | Trust: 1.0 |
SOURCES
| db: | CNVD | id: | CNVD-2025-21466 |
| db: | JVNDB | id: | JVNDB-2024-020507 |
| db: | NVD | id: | CVE-2024-30629 |
LAST UPDATE DATE
2025-09-19T23:15:06.227000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-21466 | date: | 2025-09-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-020507 | date: | 2025-03-17T03:16:00 |
| db: | NVD | id: | CVE-2024-30629 | date: | 2025-03-13T21:22:47.140 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-21466 | date: | 2025-09-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-020507 | date: | 2025-03-17T00:00:00 |
| db: | NVD | id: | CVE-2024-30629 | date: | 2024-03-29T13:15:16.223 |