Details of VAR-202403-3334

ID

VAR-202403-3334

CVE

CVE-2024-30636

TITLE

Shenzhen Tenda Technology Co.,Ltd. of F1202 Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020521

DESCRIPTION

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, boasting a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the PPPOEPassword parameter in the formQuickIndex method failing to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-30636 // JVNDB: JVNDB-2024-020521 // CNVD: CNVD-2025-18172

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-18172

AFFECTED PRODUCTS

vendor:	tenda	model:	f1202	scope:	eq	version:	1.2.0.20\(408\)	Trust: 1.0
vendor:	tenda	model:	f1202	scope:	eq	version:	f1202 firmware 1.2.0.20(408)	Trust: 0.8
vendor:	tenda	model:	f1202	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	f1202	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	f1202	scope:	eq	version:	1.2.0.20(408)	Trust: 0.6

sources: CNVD: CNVD-2025-18172 // JVNDB: JVNDB-2024-020521 // NVD: CVE-2024-30636

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-30636
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2024-020521
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-18172
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-18172
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-30636
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-020521
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-18172 // JVNDB: JVNDB-2024-020521 // NVD: CVE-2024-30636

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-020521 // NVD: CVE-2024-30636

PATCH

title:

Patch for Tenda F1202 formQuickIndex method buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/718046

Trust: 0.6

sources: CNVD: CNVD-2025-18172

EXTERNAL IDS

db:	NVD	id:	CVE-2024-30636	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-020521	Trust: 0.8
db:	CNVD	id:	CNVD-2025-18172	Trust: 0.6

sources: CNVD: CNVD-2025-18172 // JVNDB: JVNDB-2024-020521 // NVD: CVE-2024-30636

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/f/f1202/formquickindex.md	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2024-30636	Trust: 0.8

sources: CNVD: CNVD-2025-18172 // JVNDB: JVNDB-2024-020521 // NVD: CVE-2024-30636

SOURCES

db:	CNVD	id:	CNVD-2025-18172
db:	JVNDB	id:	JVNDB-2024-020521
db:	NVD	id:	CVE-2024-30636

LAST UPDATE DATE

2025-08-15T05:46:05.659000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-18172	date:	2025-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-020521	date:	2025-03-17T07:50:00
db:	NVD	id:	CVE-2024-30636	date:	2025-03-13T21:26:12.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-18172	date:	2025-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-020521	date:	2025-03-17T00:00:00
db:	NVD	id:	CVE-2024-30636	date:	2024-03-29T14:15:14.663