Sign-up

ID

VAR-202404-2559


CVE

CVE-2024-32299


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  fh1203  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020540

DESCRIPTION

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. Shenzhen Tenda Technology Co.,Ltd. of fh1203 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda FH1203 is a dual-band wireless router released by China's Tenda, primarily used for home network coverage. This vulnerability stems from the failure of the PPW parameter in the fromWizardHandle method to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-32299 // JVNDB: JVNDB-2024-020540 // CNVD: CNVD-2025-17020

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-17020

AFFECTED PRODUCTS

vendor:tendamodel:fh1203scope:eqversion:2.0.1.6

Trust: 1.6

vendor:tendamodel:fh1203scope: - version: -

Trust: 0.8

vendor:tendamodel:fh1203scope:eqversion: -

Trust: 0.8

vendor:tendamodel:fh1203scope:eqversion:fh1203 firmware 2.0.1.6

Trust: 0.8

sources: CNVD: CNVD-2025-17020 // JVNDB: JVNDB-2024-020540 // NVD: CVE-2024-32299

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-32299
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-020540
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-17020
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-17020
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-32299
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020540
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-17020 // JVNDB: JVNDB-2024-020540 // NVD: CVE-2024-32299

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020540 // NVD: CVE-2024-32299

PATCH

title:Patch for Tenda FH1203 fromWizardHandle method buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/713076

Trust: 0.6

sources: CNVD: CNVD-2025-17020

EXTERNAL IDS

db:NVDid:CVE-2024-32299

Trust: 3.2

db:JVNDBid:JVNDB-2024-020540

Trust: 0.8

db:CNVDid:CNVD-2025-17020

Trust: 0.6

sources: CNVD: CNVD-2025-17020 // JVNDB: JVNDB-2024-020540 // NVD: CVE-2024-32299

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/fh/fh1203/fromwizardhandle.md

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2024-32299

Trust: 0.8

sources: CNVD: CNVD-2025-17020 // JVNDB: JVNDB-2024-020540 // NVD: CVE-2024-32299

SOURCES

db:CNVDid:CNVD-2025-17020
db:JVNDBid:JVNDB-2024-020540
db:NVDid:CVE-2024-32299

LAST UPDATE DATE

2025-07-30T23:15:04.826000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-17020date:2025-07-29T00:00:00
db:JVNDBid:JVNDB-2024-020540date:2025-03-18T03:14:00
db:NVDid:CVE-2024-32299date:2025-03-17T14:55:05.107

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-17020date:2025-07-29T00:00:00
db:JVNDBid:JVNDB-2024-020540date:2025-03-18T00:00:00
db:NVDid:CVE-2024-32299date:2024-04-17T14:15:09.160