Sign-up

ID

VAR-202408-0832


CVE

CVE-2024-42978


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  fh1206  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-005617

DESCRIPTION

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. Shenzhen Tenda Technology Co.,Ltd. of fh1206 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda FH1206 is a dual-band wireless router launched by Tenda, designed for large fiber-optic households

Trust: 2.16

sources: NVD: CVE-2024-42978 // JVNDB: JVNDB-2024-005617 // CNVD: CNVD-2025-16083

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-16083

AFFECTED PRODUCTS

vendor:tendamodel:fh1206scope:eqversion:v02.03.01.35

Trust: 1.0

vendor:tendamodel:fh1206scope:eqversion:fh1206 firmware v02.03.01.35

Trust: 0.8

vendor:tendamodel:fh1206scope: - version: -

Trust: 0.8

vendor:tendamodel:fh1206scope:eqversion: -

Trust: 0.8

vendor:tendamodel:fh1206scope:eqversion:02.03.01.35

Trust: 0.6

sources: CNVD: CNVD-2025-16083 // JVNDB: JVNDB-2024-005617 // NVD: CVE-2024-42978

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-42978
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-42978
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-42978
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-16083
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-16083
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-42978
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-42978
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-16083 // JVNDB: JVNDB-2024-005617 // NVD: CVE-2024-42978 // NVD: CVE-2024-42978

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005617 // NVD: CVE-2024-42978

PATCH

title:Patch for Tenda FH1206 Command Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/709806

Trust: 0.6

sources: CNVD: CNVD-2025-16083

EXTERNAL IDS

db:NVDid:CVE-2024-42978

Trust: 3.2

db:JVNDBid:JVNDB-2024-005617

Trust: 0.8

db:CNVDid:CNVD-2025-16083

Trust: 0.6

sources: CNVD: CNVD-2025-16083 // JVNDB: JVNDB-2024-005617 // NVD: CVE-2024-42978

REFERENCES

url:https://github.com/tttjjjwww/ahu-iot-vulnerable/blob/main/tenda/fh1206/telnet.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-42978

Trust: 1.4

sources: CNVD: CNVD-2025-16083 // JVNDB: JVNDB-2024-005617 // NVD: CVE-2024-42978

SOURCES

db:CNVDid:CNVD-2025-16083
db:JVNDBid:JVNDB-2024-005617
db:NVDid:CVE-2024-42978

LAST UPDATE DATE

2025-07-17T23:47:42.898000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-16083date:2025-07-16T00:00:00
db:JVNDBid:JVNDB-2024-005617date:2024-08-19T02:02:00
db:NVDid:CVE-2024-42978date:2025-03-25T17:16:04.710

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-16083date:2025-07-16T00:00:00
db:JVNDBid:JVNDB-2024-005617date:2024-08-19T00:00:00
db:NVDid:CVE-2024-42978date:2024-08-15T17:15:20.960