Details of VAR-202411-1479

ID

VAR-202411-1479

CVE

CVE-2024-11650

TITLE

Shenzhen Tenda Technology Co.,Ltd. of i9 in the firmware NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-019933

DESCRIPTION

A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of i9 The firmware has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Tenda i9 is a ceiling-mounted wireless access point from China's Tenda company. An attacker can exploit this vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-11650 // JVNDB: JVNDB-2024-019933 // CNVD: CNVD-2024-48103

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-48103

AFFECTED PRODUCTS

vendor:	tenda	model:	i9	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	i9	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	i9	scope:	eq	version:	i9 firmware 1.0.0.8(3828)	Trust: 0.8
vendor:	tenda	model:	i9	scope:	eq	version:	1.0.0.8(3828)	Trust: 0.6

sources: CNVD: CNVD-2024-48103 // JVNDB: JVNDB-2024-019933

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-11650
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2024-019933
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-48103
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-11650
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-019933
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2024-48103
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-11650
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2024-019933
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-48103 // JVNDB: JVNDB-2024-019933 // NVD: CVE-2024-11650

PROBLEMTYPE DATA

problemtype:	CWE-404	Trust: 1.0
problemtype:	CWE-476	Trust: 1.0
problemtype:	Improper shutdown and release of resources (CWE-404) [ others ]	Trust: 0.8
problemtype:	NULL Pointer dereference (CWE-476) [NVD evaluation ]	Trust: 0.8
problemtype:	NULL Pointer dereference (CWE-476) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-019933 // NVD: CVE-2024-11650

EXTERNAL IDS

db:	NVD	id:	CVE-2024-11650	Trust: 3.2
db:	VULDB	id:	285971	Trust: 1.0
db:	JVNDB	id:	JVNDB-2024-019933	Trust: 0.8
db:	CNVD	id:	CNVD-2024-48103	Trust: 0.6

sources: CNVD: CNVD-2024-48103 // JVNDB: JVNDB-2024-019933 // NVD: CVE-2024-11650

REFERENCES

url:	https://github.com/xiaobor123/tenda-vul-i9	Trust: 1.8
url:	https://vuldb.com/?submit.446592	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-11650	Trust: 1.4
url:	https://vuldb.com/?id.285971	Trust: 1.0
url:	https://vuldb.com/?ctiid.285971	Trust: 1.0

sources: CNVD: CNVD-2024-48103 // JVNDB: JVNDB-2024-019933 // NVD: CVE-2024-11650

SOURCES

db:	CNVD	id:	CNVD-2024-48103
db:	JVNDB	id:	JVNDB-2024-019933
db:	NVD	id:	CVE-2024-11650

LAST UPDATE DATE

2025-03-08T23:26:05.947000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-48103	date:	2024-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2024-019933	date:	2025-03-07T03:09:00
db:	NVD	id:	CVE-2024-11650	date:	2024-11-25T03:15:06.707

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-48103	date:	2024-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2024-019933	date:	2025-03-07T00:00:00
db:	NVD	id:	CVE-2024-11650	date:	2024-11-25T03:15:06.707