CVE-2024-12002
30.11.2024, 13:15
A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Enginsight
| Vendor | Product | Version |
|---|---|---|
| tenda | fh451_firmware | 1.0.0.5 |
| tenda | fh451_firmware | 1.0.0.7 |
| tenda | fh451_firmware | 1.0.0.9 |
| tenda | fh1201_firmware | 1.2.0.8\(8155\) |
| tenda | fh1201_firmware | 1.2.0.14\(408\)_en |
| tenda | fh1202_firmware | 1.2.0.9 |
| tenda | fh1202_firmware | 1.2.0.14\(408\) |
| tenda | fh1202_firmware | 1.2.0.14\(408\)_en |
| tenda | fh1206_firmware | 1.2.0.8\(8155\) |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-404 - Improper Resource Shutdown or ReleaseThe program does not release or incorrectly releases a resource before it is made available for re-use.
- CWE-476 - NULL Pointer DereferenceA NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.