Sign-up

ID

VAR-202404-1584


CVE

CVE-2024-32315


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  FH1202  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-021766

DESCRIPTION

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Shenzhen Tenda Technology Co.,Ltd. of FH1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH1202 is a dual-band wireless router launched by Tenda, supporting 2.4GHz and 5GHz bands, with a total transmission rate of 1200Mbps. Tenda FH1202 has a buffer overflow vulnerability, which stems from the fact that the adslPwd parameter of the formWanParameterSetting method fails to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-32315 // JVNDB: JVNDB-2024-021766 // CNVD: CNVD-2025-16339

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-16339

AFFECTED PRODUCTS

vendor:tendamodel:fh1202scope:eqversion:1.2.0.14\(408\)

Trust: 1.0

vendor:tendamodel:fh1202scope: - version: -

Trust: 0.8

vendor:tendamodel:fh1202scope:eqversion: -

Trust: 0.8

vendor:tendamodel:fh1202scope:eqversion:fh1202 firmware 1.2.0.14(408)

Trust: 0.8

vendor:tendamodel:fh1202scope:eqversion:1.2.0.14(408)

Trust: 0.6

sources: CNVD: CNVD-2025-16339 // JVNDB: JVNDB-2024-021766 // NVD: CVE-2024-32315

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-32315
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-021766
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-16339
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-16339
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-32315
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-021766
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-16339 // JVNDB: JVNDB-2024-021766 // NVD: CVE-2024-32315

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-021766 // NVD: CVE-2024-32315

PATCH

title:Patch for Tenda FH1202 formWanParameterSetting method buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/710466

Trust: 0.6

sources: CNVD: CNVD-2025-16339

EXTERNAL IDS

db:NVDid:CVE-2024-32315

Trust: 3.2

db:JVNDBid:JVNDB-2024-021766

Trust: 0.8

db:CNVDid:CNVD-2025-16339

Trust: 0.6

sources: CNVD: CNVD-2025-16339 // JVNDB: JVNDB-2024-021766 // NVD: CVE-2024-32315

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1202/formwanparametersetting.md

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2024-32315

Trust: 0.8

sources: CNVD: CNVD-2025-16339 // JVNDB: JVNDB-2024-021766 // NVD: CVE-2024-32315

SOURCES

db:CNVDid:CNVD-2025-16339
db:JVNDBid:JVNDB-2024-021766
db:NVDid:CVE-2024-32315

LAST UPDATE DATE

2025-07-20T23:21:26.600000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-16339date:2025-07-18T00:00:00
db:JVNDBid:JVNDB-2024-021766date:2025-04-10T02:23:00
db:NVDid:CVE-2024-32315date:2025-04-09T14:20:48.623

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-16339date:2025-07-18T00:00:00
db:JVNDBid:JVNDB-2024-021766date:2025-04-10T00:00:00
db:NVDid:CVE-2024-32315date:2024-04-17T14:15:09.367