Sign-up

ID

VAR-202411-0867


CVE

CVE-2024-50854


TITLE

Tenda  of  g3  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-012745

DESCRIPTION

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function. Tenda of g3 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda G3 is a Qos VPN router from China's Tenda company. Tenda G3 has a buffer overflow vulnerability, which is caused by the formSetPortMapping function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-50854 // JVNDB: JVNDB-2024-012745 // CNVD: CNVD-2025-10435

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-10435

AFFECTED PRODUCTS

vendor:tendacnmodel:g3scope:eqversion:15.11.0.20

Trust: 1.0

vendor:tendamodel:g3scope:eqversion: -

Trust: 0.8

vendor:tendamodel:g3scope:eqversion:g3 firmware 15.11.0.20

Trust: 0.8

vendor:tendamodel:g3scope: - version: -

Trust: 0.8

vendor:tendamodel:g3scope:eqversion:v15.11.0.20

Trust: 0.6

vendor:tendamodel:g3scope:eqversion:3.0

Trust: 0.6

sources: CNVD: CNVD-2025-10435 // JVNDB: JVNDB-2024-012745 // NVD: CVE-2024-50854

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-50854
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-50854
value: HIGH

Trust: 1.0

NVD: CVE-2024-50854
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-10435
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-10435
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-50854
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-50854
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-10435 // JVNDB: JVNDB-2024-012745 // NVD: CVE-2024-50854 // NVD: CVE-2024-50854

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-012745 // NVD: CVE-2024-50854

EXTERNAL IDS

db:NVDid:CVE-2024-50854

Trust: 3.2

db:JVNDBid:JVNDB-2024-012745

Trust: 0.8

db:CNVDid:CNVD-2025-10435

Trust: 0.6

sources: CNVD: CNVD-2025-10435 // JVNDB: JVNDB-2024-012745 // NVD: CVE-2024-50854

REFERENCES

url:https://github.com/zp9080/tenda/blob/main/tenda-g3v3.0%20v15.11.0.20-formsetportmapping/overview.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-50854

Trust: 1.4

sources: CNVD: CNVD-2025-10435 // JVNDB: JVNDB-2024-012745 // NVD: CVE-2024-50854

SOURCES

db:CNVDid:CNVD-2025-10435
db:JVNDBid:JVNDB-2024-012745
db:NVDid:CVE-2024-50854

LAST UPDATE DATE

2025-05-23T23:19:06.682000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-10435date:2025-05-22T00:00:00
db:JVNDBid:JVNDB-2024-012745date:2024-11-15T06:36:00
db:NVDid:CVE-2024-50854date:2025-03-14T17:15:48.197

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-10435date:2025-05-15T00:00:00
db:JVNDBid:JVNDB-2024-012745date:2024-11-15T00:00:00
db:NVDid:CVE-2024-50854date:2024-11-13T15:15:09.010