Sign-up

ID

VAR-202403-3269


CVE

CVE-2024-30631


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  fh1205  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020506

DESCRIPTION

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartTime parameter from setSchedWifi function. Shenzhen Tenda Technology Co.,Ltd. The Tenda FH1205 is a home wireless router launched by Tenda, a Chinese company, designed for typical home network environments and providing wireless connectivity. This vulnerability stems from the fact that the `schedStartTime` parameter of the `setSchedWifi` method fails to properly validate the length of the input data. Detailed vulnerability information is currently unavailable

Trust: 2.16

sources: NVD: CVE-2024-30631 // JVNDB: JVNDB-2024-020506 // CNVD: CNVD-2025-30674

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-30674

AFFECTED PRODUCTS

vendor:tendamodel:fh1205scope:eqversion:2.0.0.7\(775\)

Trust: 1.0

vendor:tendamodel:fh1205scope:eqversion: -

Trust: 0.8

vendor:tendamodel:fh1205scope: - version: -

Trust: 0.8

vendor:tendamodel:fh1205scope:eqversion:fh1205 firmware 2.0.0.7(775)

Trust: 0.8

vendor:tendamodel:fh1205scope:eqversion:v2.0.0.7(775)

Trust: 0.6

sources: CNVD: CNVD-2025-30674 // JVNDB: JVNDB-2024-020506 // NVD: CVE-2024-30631

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-30631
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-020506
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-30674
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-30674
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-30631
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020506
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-30674 // JVNDB: JVNDB-2024-020506 // NVD: CVE-2024-30631

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020506 // NVD: CVE-2024-30631

PATCH

title:Patch for Tenda FH1205 setSchedWifi method stack buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/781401

Trust: 0.6

sources: CNVD: CNVD-2025-30674

EXTERNAL IDS

db:NVDid:CVE-2024-30631

Trust: 3.2

db:JVNDBid:JVNDB-2024-020506

Trust: 0.8

db:CNVDid:CNVD-2025-30674

Trust: 0.6

sources: CNVD: CNVD-2025-30674 // JVNDB: JVNDB-2024-020506 // NVD: CVE-2024-30631

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1205/setschedwifi_start.md

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2024-30631

Trust: 0.8

sources: CNVD: CNVD-2025-30674 // JVNDB: JVNDB-2024-020506 // NVD: CVE-2024-30631

SOURCES

db:CNVDid:CNVD-2025-30674
db:JVNDBid:JVNDB-2024-020506
db:NVDid:CVE-2024-30631

LAST UPDATE DATE

2025-12-19T23:01:09.608000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-30674date:2025-12-15T00:00:00
db:JVNDBid:JVNDB-2024-020506date:2025-03-17T03:16:00
db:NVDid:CVE-2024-30631date:2025-03-13T21:20:31.493

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-30674date:2025-12-15T00:00:00
db:JVNDBid:JVNDB-2024-020506date:2025-03-17T00:00:00
db:NVDid:CVE-2024-30631date:2024-03-29T13:15:16.313