Sign-up

ID

VAR-202404-1585


CVE

CVE-2024-32311


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  fh1203  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020539

DESCRIPTION

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Shenzhen Tenda Technology Co.,Ltd. of fh1203 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda FH1203 is a dual-band wireless router released by China's Tenda Corporation, primarily used for home network coverage. This vulnerability stems from the adslPwd parameter in the formWanParameterSetting method failing to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-32311 // JVNDB: JVNDB-2024-020539 // CNVD: CNVD-2025-17019

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-17019

AFFECTED PRODUCTS

vendor:tendamodel:fh1203scope:eqversion:2.0.1.6

Trust: 1.6

vendor:tendamodel:fh1203scope: - version: -

Trust: 0.8

vendor:tendamodel:fh1203scope:eqversion: -

Trust: 0.8

vendor:tendamodel:fh1203scope:eqversion:fh1203 firmware 2.0.1.6

Trust: 0.8

sources: CNVD: CNVD-2025-17019 // JVNDB: JVNDB-2024-020539 // NVD: CVE-2024-32311

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-32311
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-020539
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-17019
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-17019
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-32311
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020539
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-17019 // JVNDB: JVNDB-2024-020539 // NVD: CVE-2024-32311

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020539 // NVD: CVE-2024-32311

PATCH

title:Patch for Tenda FH1203 formWanParameterSetting method buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/713071

Trust: 0.6

sources: CNVD: CNVD-2025-17019

EXTERNAL IDS

db:NVDid:CVE-2024-32311

Trust: 3.2

db:JVNDBid:JVNDB-2024-020539

Trust: 0.8

db:CNVDid:CNVD-2025-17019

Trust: 0.6

sources: CNVD: CNVD-2025-17019 // JVNDB: JVNDB-2024-020539 // NVD: CVE-2024-32311

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1203/formwanparametersetting.md

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2024-32311

Trust: 0.8

sources: CNVD: CNVD-2025-17019 // JVNDB: JVNDB-2024-020539 // NVD: CVE-2024-32311

SOURCES

db:CNVDid:CNVD-2025-17019
db:JVNDBid:JVNDB-2024-020539
db:NVDid:CVE-2024-32311

LAST UPDATE DATE

2025-07-30T23:15:53.580000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-17019date:2025-07-29T00:00:00
db:JVNDBid:JVNDB-2024-020539date:2025-03-18T03:14:00
db:NVDid:CVE-2024-32311date:2025-03-17T14:55:22.163

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-17019date:2025-07-29T00:00:00
db:JVNDBid:JVNDB-2024-020539date:2025-03-18T00:00:00
db:NVDid:CVE-2024-32311date:2024-04-17T14:15:09.313