Sign-up

ID

VAR-202408-0581


CVE

CVE-2024-42947


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  fh1201  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-005716

DESCRIPTION

An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. Shenzhen Tenda Technology Co.,Ltd. of fh1201 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 2.16

sources: NVD: CVE-2024-42947 // JVNDB: JVNDB-2024-005716 // CNVD: CNVD-2025-10828

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-10828

AFFECTED PRODUCTS

vendor:tendamodel:fh1201scope:eqversion:1.2.0.14\(408\)

Trust: 1.0

vendor:tendamodel:fh1201scope:eqversion:fh1201 firmware 1.2.0.14(408)

Trust: 0.8

vendor:tendamodel:fh1201scope:eqversion: -

Trust: 0.8

vendor:tendamodel:fh1201scope: - version: -

Trust: 0.8

vendor:tendamodel:fh1201scope:eqversion:1.2.0.14(408)

Trust: 0.6

sources: CNVD: CNVD-2025-10828 // JVNDB: JVNDB-2024-005716 // NVD: CVE-2024-42947

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-42947
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-42947
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-42947
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-10828
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-10828
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-42947
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-42947
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-10828 // JVNDB: JVNDB-2024-005716 // NVD: CVE-2024-42947 // NVD: CVE-2024-42947

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005716 // NVD: CVE-2024-42947

PATCH

title:Patch for Tenda FH1201 Command Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/691501

Trust: 0.6

sources: CNVD: CNVD-2025-10828

EXTERNAL IDS

db:NVDid:CVE-2024-42947

Trust: 3.2

db:JVNDBid:JVNDB-2024-005716

Trust: 0.8

db:CNVDid:CNVD-2025-10828

Trust: 0.6

sources: CNVD: CNVD-2025-10828 // JVNDB: JVNDB-2024-005716 // NVD: CVE-2024-42947

REFERENCES

url:https://github.com/tttjjjwww/ahu-iot-vulnerable/blob/main/tenda/fh1201/telnet.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-42947

Trust: 1.4

sources: CNVD: CNVD-2025-10828 // JVNDB: JVNDB-2024-005716 // NVD: CVE-2024-42947

SOURCES

db:CNVDid:CNVD-2025-10828
db:JVNDBid:JVNDB-2024-005716
db:NVDid:CVE-2024-42947

LAST UPDATE DATE

2025-05-29T23:42:42.291000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-10828date:2025-05-28T00:00:00
db:JVNDBid:JVNDB-2024-005716date:2024-08-19T05:49:00
db:NVDid:CVE-2024-42947date:2025-03-13T14:15:31.140

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-10828date:2025-05-26T00:00:00
db:JVNDBid:JVNDB-2024-005716date:2024-08-19T00:00:00
db:NVDid:CVE-2024-42947date:2024-08-15T17:15:19.187