Sign-up

ID

VAR-202408-0832


CVE

CVE-2024-42978


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  fh1206  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-005617

DESCRIPTION

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. Shenzhen Tenda Technology Co.,Ltd. of fh1206 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-42978 // JVNDB: JVNDB-2024-005617

AFFECTED PRODUCTS

vendor:tendamodel:fh1206scope:eqversion:v02.03.01.35

Trust: 1.0

vendor:tendamodel:fh1206scope:eqversion:fh1206 firmware v02.03.01.35

Trust: 0.8

vendor:tendamodel:fh1206scope: - version: -

Trust: 0.8

vendor:tendamodel:fh1206scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-005617 // NVD: CVE-2024-42978

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-42978
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-42978
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-42978
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2024-42978
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-42978
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-005617 // NVD: CVE-2024-42978 // NVD: CVE-2024-42978

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005617 // NVD: CVE-2024-42978

EXTERNAL IDS

db:NVDid:CVE-2024-42978

Trust: 2.6

db:JVNDBid:JVNDB-2024-005617

Trust: 0.8

sources: JVNDB: JVNDB-2024-005617 // NVD: CVE-2024-42978

REFERENCES

url:https://github.com/tttjjjwww/ahu-iot-vulnerable/blob/main/tenda/fh1206/telnet.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-42978

Trust: 0.8

sources: JVNDB: JVNDB-2024-005617 // NVD: CVE-2024-42978

SOURCES

db:JVNDBid:JVNDB-2024-005617
db:NVDid:CVE-2024-42978

LAST UPDATE DATE

2025-03-26T23:21:46.058000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-005617date:2024-08-19T02:02:00
db:NVDid:CVE-2024-42978date:2025-03-25T17:16:04.710

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-005617date:2024-08-19T00:00:00
db:NVDid:CVE-2024-42978date:2024-08-15T17:15:20.960