Search criteria
35 vulnerabilities found for f1202 by tenda
VAR-202403-3020
Vulnerability from variot - Updated: 2025-12-19 23:02Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. This vulnerability stems from the fact that the page parameter of the fromAddressNat method fails to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial-of-service attack
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-3020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "f1202 firmware 1.2.0.20(408)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "1.2.0.20(408)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30668"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020495"
},
{
"db": "NVD",
"id": "CVE-2024-30639"
}
]
},
"cve": "CVE-2024-30639",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-30668",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2024-30639",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-020495",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-30639",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-020495",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-30668",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30668"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020495"
},
{
"db": "NVD",
"id": "CVE-2024-30639"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. This vulnerability stems from the fact that the `page` parameter of the `fromAddressNat` method fails to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial-of-service attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-30639"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020495"
},
{
"db": "CNVD",
"id": "CNVD-2025-30668"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-30639",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020495",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-30668",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30668"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020495"
},
{
"db": "NVD",
"id": "CVE-2024-30639"
}
]
},
"id": "VAR-202403-3020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30668"
}
],
"trust": 0.82607656
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30668"
}
]
},
"last_update_date": "2025-12-19T23:02:31.223000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Tenda F1202 stack buffer overflow vulnerability in the fromAddressNat method.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/781366"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30668"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020495"
},
{
"db": "NVD",
"id": "CVE-2024-30639"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/f/f1202/fromaddressnat_page.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-30639"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30668"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020495"
},
{
"db": "NVD",
"id": "CVE-2024-30639"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-30668"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020495"
},
{
"db": "NVD",
"id": "CVE-2024-30639"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30668"
},
{
"date": "2025-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-020495"
},
{
"date": "2024-03-29T14:15:14.837000",
"db": "NVD",
"id": "CVE-2024-30639"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30668"
},
{
"date": "2025-03-17T03:05:00",
"db": "JVNDB",
"id": "JVNDB-2024-020495"
},
{
"date": "2025-03-13T21:25:45.667000",
"db": "NVD",
"id": "CVE-2024-30639"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0F1202\u00a0 Stack-based buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020495"
}
],
"trust": 0.8
}
}
VAR-202403-3049
Vulnerability from variot - Updated: 2025-12-19 22:59Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter. Shenzhen Tenda Technology Co.,Ltd. of F1202 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. Detailed vulnerability information is not currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-3049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "f1202 firmware 1.2.0.20(408)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "1.2.0.20(408)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30669"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020497"
},
{
"db": "NVD",
"id": "CVE-2024-30637"
}
]
},
"cve": "CVE-2024-30637",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-30669",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-30637",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-020497",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-30637",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-020497",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-30669",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30669"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020497"
},
{
"db": "NVD",
"id": "CVE-2024-30637"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter. Shenzhen Tenda Technology Co.,Ltd. of F1202 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. Detailed vulnerability information is not currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-30637"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020497"
},
{
"db": "CNVD",
"id": "CNVD-2025-30669"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-30637",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020497",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-30669",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30669"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020497"
},
{
"db": "NVD",
"id": "CVE-2024-30637"
}
]
},
"id": "VAR-202403-3049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30669"
}
],
"trust": 0.82607656
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30669"
}
]
},
"last_update_date": "2025-12-19T22:59:41.207000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Tenda F1202 formWriteFacMac method command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/781371"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30669"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020497"
},
{
"db": "NVD",
"id": "CVE-2024-30637"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/f/f1202/formwritefacmac.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-30637"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30669"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020497"
},
{
"db": "NVD",
"id": "CVE-2024-30637"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-30669"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020497"
},
{
"db": "NVD",
"id": "CVE-2024-30637"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30669"
},
{
"date": "2025-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-020497"
},
{
"date": "2024-03-29T14:15:14.727000",
"db": "NVD",
"id": "CVE-2024-30637"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30669"
},
{
"date": "2025-03-17T03:05:00",
"db": "JVNDB",
"id": "JVNDB-2024-020497"
},
{
"date": "2025-03-13T21:26:03.370000",
"db": "NVD",
"id": "CVE-2024-30637"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0F1202\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020497"
}
],
"trust": 0.8
}
}
VAR-202403-3087
Vulnerability from variot - Updated: 2025-12-19 22:35Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. This vulnerability stems from the fact that the mitInterface parameter of the fromAddressNat method fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial-of-service attack
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-3087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "f1202 firmware 1.2.0.20(408)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "1.2.0.20(408)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30667"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020505"
},
{
"db": "NVD",
"id": "CVE-2024-30634"
}
]
},
"cve": "CVE-2024-30634",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CNVD-2025-30667",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2024-30634",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-020505",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-30634",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-020505",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-30667",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30667"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020505"
},
{
"db": "NVD",
"id": "CVE-2024-30634"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. This vulnerability stems from the fact that the `mitInterface` parameter of the `fromAddressNat` method fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code on the system or cause a denial-of-service attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-30634"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020505"
},
{
"db": "CNVD",
"id": "CNVD-2025-30667"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-30634",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020505",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-30667",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30667"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020505"
},
{
"db": "NVD",
"id": "CVE-2024-30634"
}
]
},
"id": "VAR-202403-3087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30667"
}
],
"trust": 0.82607656
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30667"
}
]
},
"last_update_date": "2025-12-19T22:35:30.358000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Tenda F1202 buffer overflow vulnerability in the fromAddressNat method",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/781361"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30667"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020505"
},
{
"db": "NVD",
"id": "CVE-2024-30634"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/f/f1202/fromaddressnat_mitinterface.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-30634"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-30667"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020505"
},
{
"db": "NVD",
"id": "CVE-2024-30634"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-30667"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020505"
},
{
"db": "NVD",
"id": "CVE-2024-30634"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30667"
},
{
"date": "2025-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-020505"
},
{
"date": "2024-03-29T14:15:14.550000",
"db": "NVD",
"id": "CVE-2024-30634"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-30667"
},
{
"date": "2025-03-17T03:16:00",
"db": "JVNDB",
"id": "JVNDB-2024-020505"
},
{
"date": "2025-03-13T21:26:28.617000",
"db": "NVD",
"id": "CVE-2024-30634"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0F1202\u00a0 Stack-based buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020505"
}
],
"trust": 0.8
}
}
VAR-202403-3247
Vulnerability from variot - Updated: 2025-08-15 05:48Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function. Shenzhen Tenda Technology Co.,Ltd. of F1202 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, boasting a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the failure of the funcpara1 parameter in the formSetCfm method to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-3247",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "f1202 firmware 1.2.0.20(408)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "1.2.0.20(408)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18173"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020498"
},
{
"db": "NVD",
"id": "CVE-2024-30635"
}
]
},
"cve": "CVE-2024-30635",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-18173",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-30635",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-020498",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-30635",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2024-020498",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2025-18173",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18173"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020498"
},
{
"db": "NVD",
"id": "CVE-2024-30635"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function. Shenzhen Tenda Technology Co.,Ltd. of F1202 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, boasting a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the failure of the funcpara1 parameter in the formSetCfm method to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-30635"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020498"
},
{
"db": "CNVD",
"id": "CNVD-2025-18173"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-30635",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020498",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-18173",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18173"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020498"
},
{
"db": "NVD",
"id": "CVE-2024-30635"
}
]
},
"id": "VAR-202403-3247",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18173"
}
],
"trust": 0.82607656
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18173"
}
]
},
"last_update_date": "2025-08-15T05:48:51.283000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Tenda F1202 formSetCfm method buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/718056"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020498"
},
{
"db": "NVD",
"id": "CVE-2024-30635"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/f/f1202/formsetcfm.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-30635"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18173"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020498"
},
{
"db": "NVD",
"id": "CVE-2024-30635"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-18173"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020498"
},
{
"db": "NVD",
"id": "CVE-2024-30635"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18173"
},
{
"date": "2025-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-020498"
},
{
"date": "2024-03-29T14:15:14.607000",
"db": "NVD",
"id": "CVE-2024-30635"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18173"
},
{
"date": "2025-03-17T03:05:00",
"db": "JVNDB",
"id": "JVNDB-2024-020498"
},
{
"date": "2025-03-13T21:26:21.357000",
"db": "NVD",
"id": "CVE-2024-30635"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0F1202\u00a0 Classic buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020498"
}
],
"trust": 0.8
}
}
VAR-202403-3334
Vulnerability from variot - Updated: 2025-08-15 05:46Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, boasting a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the PPPOEPassword parameter in the formQuickIndex method failing to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-3334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "f1202 firmware 1.2.0.20(408)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "1.2.0.20(408)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18172"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020521"
},
{
"db": "NVD",
"id": "CVE-2024-30636"
}
]
},
"cve": "CVE-2024-30636",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-18172",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2024-30636",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-020521",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-30636",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-020521",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-18172",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18172"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020521"
},
{
"db": "NVD",
"id": "CVE-2024-30636"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, boasting a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the PPPOEPassword parameter in the formQuickIndex method failing to properly validate the length of the input data. An attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-30636"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020521"
},
{
"db": "CNVD",
"id": "CNVD-2025-18172"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-30636",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020521",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-18172",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18172"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020521"
},
{
"db": "NVD",
"id": "CVE-2024-30636"
}
]
},
"id": "VAR-202403-3334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18172"
}
],
"trust": 0.82607656
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18172"
}
]
},
"last_update_date": "2025-08-15T05:46:05.659000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Tenda F1202 formQuickIndex method buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/718046"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020521"
},
{
"db": "NVD",
"id": "CVE-2024-30636"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/f/f1202/formquickindex.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-30636"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18172"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020521"
},
{
"db": "NVD",
"id": "CVE-2024-30636"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-18172"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020521"
},
{
"db": "NVD",
"id": "CVE-2024-30636"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18172"
},
{
"date": "2025-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-020521"
},
{
"date": "2024-03-29T14:15:14.663000",
"db": "NVD",
"id": "CVE-2024-30636"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18172"
},
{
"date": "2025-03-17T07:50:00",
"db": "JVNDB",
"id": "JVNDB-2024-020521"
},
{
"date": "2025-03-13T21:26:12.620000",
"db": "NVD",
"id": "CVE-2024-30636"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0F1202\u00a0 Stack-based buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020521"
}
],
"trust": 0.8
}
}
VAR-202403-3212
Vulnerability from variot - Updated: 2025-08-15 05:41Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Information may be tampered with. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the failure of the entries parameter of the fromAddressNat method to properly validate the length of the input data. Detailed vulnerability details are currently unavailable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-3212",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "f1202 firmware 1.2.0.20(408)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "1.2.0.20(408)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18174"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020496"
},
{
"db": "NVD",
"id": "CVE-2024-30638"
}
]
},
"cve": "CVE-2024-30638",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-18174",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2024-30638",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-020496",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-30638",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-020496",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-18174",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18174"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020496"
},
{
"db": "NVD",
"id": "CVE-2024-30638"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of F1202 A stack-based buffer overflow vulnerability exists in the firmware.Information may be tampered with. The Tenda F1202 is an enterprise-grade dual-band wireless router that supports both 2.4GHz and 5GHz bands, with a maximum transmission rate of 1200Mbps. It is equipped with four 5dBi antennas for enhanced signal coverage. This vulnerability stems from the failure of the entries parameter of the fromAddressNat method to properly validate the length of the input data. Detailed vulnerability details are currently unavailable",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-30638"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020496"
},
{
"db": "CNVD",
"id": "CNVD-2025-18174"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-30638",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020496",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-18174",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18174"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020496"
},
{
"db": "NVD",
"id": "CVE-2024-30638"
}
]
},
"id": "VAR-202403-3212",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18174"
}
],
"trust": 0.82607656
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18174"
}
]
},
"last_update_date": "2025-08-15T05:41:28.440000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Tenda F1202 fromAddressNat method entries parameter buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/718066"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18174"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020496"
},
{
"db": "NVD",
"id": "CVE-2024-30638"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/f/f1202/fromaddressnat_entrys.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-30638"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-18174"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020496"
},
{
"db": "NVD",
"id": "CVE-2024-30638"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-18174"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020496"
},
{
"db": "NVD",
"id": "CVE-2024-30638"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18174"
},
{
"date": "2025-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-020496"
},
{
"date": "2024-03-29T14:15:14.780000",
"db": "NVD",
"id": "CVE-2024-30638"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-18174"
},
{
"date": "2025-03-17T03:05:00",
"db": "JVNDB",
"id": "JVNDB-2024-020496"
},
{
"date": "2025-03-13T21:25:55.883000",
"db": "NVD",
"id": "CVE-2024-30638"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0F1202\u00a0 Stack-based buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020496"
}
],
"trust": 0.8
}
}
VAR-201705-3846
Vulnerability from variot - Updated: 2025-04-20 23:40There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password. plural Tenda Router (FH1202/F1202/F1200) Debug interface contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A security bypass vulnerability exists in the TendaFH1202, F1202, and F1200 routers using firmware prior to 1.2.0.20
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3846",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fh1202",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "1.2.0.19"
},
{
"model": "f1200",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "1.2.0.19"
},
{
"model": "f1202",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "1.2.0.19"
},
{
"model": "f1200",
"scope": "lt",
"trust": 0.8,
"vendor": "tenda",
"version": "1.2.0.20"
},
{
"model": "f1202",
"scope": "lt",
"trust": 0.8,
"vendor": "tenda",
"version": "1.2.0.20"
},
{
"model": "fh1202",
"scope": "lt",
"trust": 0.8,
"vendor": "tenda",
"version": "1.2.0.20"
},
{
"model": "tenda technology co.,ltd. f1200",
"scope": "lt",
"trust": 0.6,
"vendor": "",
"version": "1.2.0.20"
},
{
"model": "tenda technology co.,ltd. f1202",
"scope": "lt",
"trust": 0.6,
"vendor": "",
"version": "1.2.0.20"
},
{
"model": "tenda technology co.,ltd. fh1202",
"scope": "lt",
"trust": 0.6,
"vendor": "",
"version": "1.2.0.20"
},
{
"model": "fh1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "1.2.0.19"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "1.2.0.19"
},
{
"model": "f1200",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "1.2.0.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07749"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004377"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-916"
},
{
"db": "NVD",
"id": "CVE-2017-9138"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tenda:f1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tenda:f1202_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tenda:fh1202_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004377"
}
]
},
"cve": "CVE-2017-9138",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CVE-2017-9138",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07749",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "VHN-117341",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2017-9138",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9138",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9138",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-07749",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-916",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-117341",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07749"
},
{
"db": "VULHUB",
"id": "VHN-117341"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004377"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-916"
},
{
"db": "NVD",
"id": "CVE-2017-9138"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router\u0027s username and password. plural Tenda Router (FH1202/F1202/F1200) Debug interface contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A security bypass vulnerability exists in the TendaFH1202, F1202, and F1200 routers using firmware prior to 1.2.0.20",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9138"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004377"
},
{
"db": "CNVD",
"id": "CNVD-2017-07749"
},
{
"db": "VULHUB",
"id": "VHN-117341"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9138",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004377",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-916",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-07749",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-117341",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07749"
},
{
"db": "VULHUB",
"id": "VHN-117341"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004377"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-916"
},
{
"db": "NVD",
"id": "CVE-2017-9138"
}
]
},
"id": "VAR-201705-3846",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07749"
},
{
"db": "VULHUB",
"id": "VHN-117341"
}
],
"trust": 0.99994304
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07749"
}
]
},
"last_update_date": "2025-04-20T23:40:08.776000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Overview-Tenda-All For Better NetWorking",
"trust": 0.8,
"url": "http://www.tendacn.com/en/2017.html"
},
{
"title": "TendaFH1202/F1202 and F1200 router security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/94527"
},
{
"title": "Tenda FH1202 , F1202 and F1200 Repair measures for router security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70408"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07749"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004377"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-916"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117341"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004377"
},
{
"db": "NVD",
"id": "CVE-2017-9138"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.tendacn.com/en/2017.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9138"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9138"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07749"
},
{
"db": "VULHUB",
"id": "VHN-117341"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004377"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-916"
},
{
"db": "NVD",
"id": "CVE-2017-9138"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07749"
},
{
"db": "VULHUB",
"id": "VHN-117341"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004377"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-916"
},
{
"db": "NVD",
"id": "CVE-2017-9138"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07749"
},
{
"date": "2017-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-117341"
},
{
"date": "2017-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004377"
},
{
"date": "2017-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-916"
},
{
"date": "2017-05-21T22:29:00.180000",
"db": "NVD",
"id": "CVE-2017-9138"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07749"
},
{
"date": "2017-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-117341"
},
{
"date": "2017-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004377"
},
{
"date": "2017-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-916"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9138"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-916"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Tenda Router debug interface buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004377"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-916"
}
],
"trust": 0.6
}
}
VAR-201705-3847
Vulnerability from variot - Updated: 2025-04-20 23:32There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds. plural Tenda Router (FH1202/F1202/F1200) Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaFH1202, F1202 and F1200 are all wireless router products of Tenda
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3847",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fh1202",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "1.2.0.19"
},
{
"model": "f1200",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "1.2.0.19"
},
{
"model": "f1202",
"scope": "lte",
"trust": 1.0,
"vendor": "tendacn",
"version": "1.2.0.19"
},
{
"model": "f1200",
"scope": "lt",
"trust": 0.8,
"vendor": "tenda",
"version": "1.2.0.20"
},
{
"model": "f1202",
"scope": "lt",
"trust": 0.8,
"vendor": "tenda",
"version": "1.2.0.20"
},
{
"model": "fh1202",
"scope": "lt",
"trust": 0.8,
"vendor": "tenda",
"version": "1.2.0.20"
},
{
"model": "tenda technology co.,ltd. f1200",
"scope": "lt",
"trust": 0.6,
"vendor": "",
"version": "1.2.0.20"
},
{
"model": "tenda technology co.,ltd. f1202",
"scope": "lt",
"trust": 0.6,
"vendor": "",
"version": "1.2.0.20"
},
{
"model": "tenda technology co.,ltd. fh1202",
"scope": "lt",
"trust": 0.6,
"vendor": "",
"version": "1.2.0.20"
},
{
"model": "fh1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "1.2.0.19"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "1.2.0.19"
},
{
"model": "f1200",
"scope": "eq",
"trust": 0.6,
"vendor": "tendacn",
"version": "1.2.0.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07750"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004378"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-915"
},
{
"db": "NVD",
"id": "CVE-2017-9139"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:tenda:f1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tenda:f1202_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tenda:fh1202_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004378"
}
]
},
"cve": "CVE-2017-9139",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"id": "CVE-2017-9139",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-07750",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"id": "VHN-117342",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"id": "CVE-2017-9139",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9139",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2017-9139",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2017-07750",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-915",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-117342",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07750"
},
{
"db": "VULHUB",
"id": "VHN-117342"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004378"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-915"
},
{
"db": "NVD",
"id": "CVE-2017-9139"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds. plural Tenda Router (FH1202/F1202/F1200) Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaFH1202, F1202 and F1200 are all wireless router products of Tenda",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9139"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004378"
},
{
"db": "CNVD",
"id": "CNVD-2017-07750"
},
{
"db": "VULHUB",
"id": "VHN-117342"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9139",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004378",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-915",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-07750",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-117342",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07750"
},
{
"db": "VULHUB",
"id": "VHN-117342"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004378"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-915"
},
{
"db": "NVD",
"id": "CVE-2017-9139"
}
]
},
"id": "VAR-201705-3847",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07750"
},
{
"db": "VULHUB",
"id": "VHN-117342"
}
],
"trust": 0.99994304
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07750"
}
]
},
"last_update_date": "2025-04-20T23:32:12.587000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Overview-Tenda-All For Better NetWorking",
"trust": 0.8,
"url": "http://www.tendacn.com/en/2017.html"
},
{
"title": "Patch for TendaFH1202/F1202 and F1200 Router Stack Buffer Overflow Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/94528"
},
{
"title": "Tenda FH1202 , F1202 and F1200 Repair measures for router buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70407"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07750"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004378"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-915"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117342"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004378"
},
{
"db": "NVD",
"id": "CVE-2017-9139"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.tendacn.com/en/2017.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9139"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9139"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07750"
},
{
"db": "VULHUB",
"id": "VHN-117342"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004378"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-915"
},
{
"db": "NVD",
"id": "CVE-2017-9139"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07750"
},
{
"db": "VULHUB",
"id": "VHN-117342"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004378"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-915"
},
{
"db": "NVD",
"id": "CVE-2017-9139"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07750"
},
{
"date": "2017-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-117342"
},
{
"date": "2017-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004378"
},
{
"date": "2017-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-915"
},
{
"date": "2017-05-21T22:29:00.210000",
"db": "NVD",
"id": "CVE-2017-9139"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07750"
},
{
"date": "2017-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-117342"
},
{
"date": "2017-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004378"
},
{
"date": "2017-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-915"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9139"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-915"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Tenda Router buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004378"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-915"
}
],
"trust": 0.6
}
}
VAR-202404-0329
Vulnerability from variot - Updated: 2025-01-25 22:57A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been rated as critical. This issue affects the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260909 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of F1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda F1202 is a network device used for network connection and data transmission in homes and small businesses.
There is a stack buffer overflow vulnerability in the fromNatlimit function of the /goform/Natlimit file in Tenda F1202 1.2.0.20(408) version. An attacker can exploit this vulnerability to usurp code execution control by remotely manipulating the page parameter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202404-0329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "f1202 firmware 1.2.0.20(408)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "1.2.0.20(408)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20787"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017190"
},
{
"db": "NVD",
"id": "CVE-2024-3875"
}
]
},
"cve": "CVE-2024-3875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2024-3875",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2024-017190",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-20787",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-3875",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-017190",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2024-3875",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-3875",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-017190",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-20787",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20787"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017190"
},
{
"db": "NVD",
"id": "CVE-2024-3875"
},
{
"db": "NVD",
"id": "CVE-2024-3875"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been rated as critical. This issue affects the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260909 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of F1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda F1202 is a network device used for network connection and data transmission in homes and small businesses. \n\nThere is a stack buffer overflow vulnerability in the fromNatlimit function of the /goform/Natlimit file in Tenda F1202 1.2.0.20(408) version. An attacker can exploit this vulnerability to usurp code execution control by remotely manipulating the page parameter",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3875"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017190"
},
{
"db": "CNVD",
"id": "CNVD-2024-20787"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-3875",
"trust": 3.2
},
{
"db": "VULDB",
"id": "260909",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017190",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-20787",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20787"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017190"
},
{
"db": "NVD",
"id": "CVE-2024-3875"
}
]
},
"id": "VAR-202404-0329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20787"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20787"
}
]
},
"last_update_date": "2025-01-25T22:57:35.834000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-017190"
},
{
"db": "NVD",
"id": "CVE-2024-3875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/f/f1202/fromnatlimit.md"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.312817"
},
{
"trust": 1.6,
"url": "https://vuldb.com/?id.260909"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.260909"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-3875"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-20787"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017190"
},
{
"db": "NVD",
"id": "CVE-2024-3875"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-20787"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017190"
},
{
"db": "NVD",
"id": "CVE-2024-3875"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-20787"
},
{
"date": "2025-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-017190"
},
{
"date": "2024-04-16T18:15:14.397000",
"db": "NVD",
"id": "CVE-2024-3875"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-20787"
},
{
"date": "2025-01-22T07:42:00",
"db": "JVNDB",
"id": "JVNDB-2024-017190"
},
{
"date": "2025-01-21T16:44:42.840000",
"db": "NVD",
"id": "CVE-2024-3875"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0F1202\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-017190"
}
],
"trust": 0.8
}
}
VAR-202404-0096
Vulnerability from variot - Updated: 2025-01-25 22:48A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function fromqossetting of the file /goform/fromqossetting. The manipulation of the argument qos leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of F1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
There is a stack buffer overflow vulnerability in the fromqossetting function of Tenda F1202, which can be exploited by attackers to overflow the buffer and execute arbitrary code on the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202404-0096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "f1202 firmware 1.2.0.20(408)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "1.2.0.20(408)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24534"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017184"
},
{
"db": "NVD",
"id": "CVE-2024-3877"
}
]
},
"cve": "CVE-2024-3877",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2024-3877",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2024-017184",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-24534",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-3877",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-017184",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2024-3877",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-3877",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-017184",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-24534",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24534"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017184"
},
{
"db": "NVD",
"id": "CVE-2024-3877"
},
{
"db": "NVD",
"id": "CVE-2024-3877"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function fromqossetting of the file /goform/fromqossetting. The manipulation of the argument qos leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of F1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\nThere is a stack buffer overflow vulnerability in the fromqossetting function of Tenda F1202, which can be exploited by attackers to overflow the buffer and execute arbitrary code on the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3877"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017184"
},
{
"db": "CNVD",
"id": "CNVD-2024-24534"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-3877",
"trust": 3.2
},
{
"db": "VULDB",
"id": "260911",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017184",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-24534",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24534"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017184"
},
{
"db": "NVD",
"id": "CVE-2024-3877"
}
]
},
"id": "VAR-202404-0096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24534"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24534"
}
]
},
"last_update_date": "2025-01-25T22:48:26.519000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-017184"
},
{
"db": "NVD",
"id": "CVE-2024-3877"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/f/f1202/fromqossetting.md"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.260911"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.312820"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-3877"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.260911"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24534"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017184"
},
{
"db": "NVD",
"id": "CVE-2024-3877"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-24534"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017184"
},
{
"db": "NVD",
"id": "CVE-2024-3877"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-24534"
},
{
"date": "2025-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-017184"
},
{
"date": "2024-04-16T19:15:07.667000",
"db": "NVD",
"id": "CVE-2024-3877"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-24534"
},
{
"date": "2025-01-22T07:35:00",
"db": "JVNDB",
"id": "JVNDB-2024-017184"
},
{
"date": "2025-01-21T16:34:51.410000",
"db": "NVD",
"id": "CVE-2024-3877"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0F1202\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-017184"
}
],
"trust": 0.8
}
}
VAR-202404-0182
Vulnerability from variot - Updated: 2025-01-25 22:48A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260910 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of F1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
There is a stack buffer overflow vulnerability in the fromVirtualSer function of Tenda F1202, which can be exploited by attackers to overflow the buffer and execute arbitrary code on the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202404-0182",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "f1202 firmware 1.2.0.20(408)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "tenda technology co.,ltd. f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "",
"version": "1.2.0.20(408)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24532"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017155"
},
{
"db": "NVD",
"id": "CVE-2024-3876"
}
]
},
"cve": "CVE-2024-3876",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2024-3876",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2024-017155",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-24532",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-3876",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-017155",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2024-3876",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-3876",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-017155",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-24532",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24532"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017155"
},
{
"db": "NVD",
"id": "CVE-2024-3876"
},
{
"db": "NVD",
"id": "CVE-2024-3876"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260910 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of F1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\nThere is a stack buffer overflow vulnerability in the fromVirtualSer function of Tenda F1202, which can be exploited by attackers to overflow the buffer and execute arbitrary code on the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3876"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017155"
},
{
"db": "CNVD",
"id": "CNVD-2024-24532"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-3876",
"trust": 3.2
},
{
"db": "VULDB",
"id": "260910",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017155",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-24532",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24532"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017155"
},
{
"db": "NVD",
"id": "CVE-2024-3876"
}
]
},
"id": "VAR-202404-0182",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24532"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24532"
}
]
},
"last_update_date": "2025-01-25T22:48:26.495000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-017155"
},
{
"db": "NVD",
"id": "CVE-2024-3876"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/f/f1202/fromvirtualser.md"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.260910"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.312818"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-3876"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.260910"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-24532"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017155"
},
{
"db": "NVD",
"id": "CVE-2024-3876"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-24532"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017155"
},
{
"db": "NVD",
"id": "CVE-2024-3876"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-24532"
},
{
"date": "2025-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-017155"
},
{
"date": "2024-04-16T18:15:14.623000",
"db": "NVD",
"id": "CVE-2024-3876"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-24532"
},
{
"date": "2025-01-22T06:37:00",
"db": "JVNDB",
"id": "JVNDB-2024-017155"
},
{
"date": "2025-01-21T16:38:31.227000",
"db": "NVD",
"id": "CVE-2024-3876"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0F1202\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-017155"
}
],
"trust": 0.8
}
}
VAR-202404-0291
Vulnerability from variot - Updated: 2025-01-25 22:38A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260912. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of F1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda F1202 is a network device that provides network connection and data transmission functions. The vulnerability is caused by incorrect boundary checking of the webExctypeman Filter function of the /goform/webExctypemanFilter file. An attacker can exploit this vulnerability to overflow the buffer and execute arbitrary code on the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202404-0291",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "f1202 firmware 1.2.0.20(408)"
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "1.2.0.20(408)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38184"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017189"
},
{
"db": "NVD",
"id": "CVE-2024-3878"
}
]
},
"cve": "CVE-2024-3878",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2024-3878",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2024-017189",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-38184",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-3878",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-017189",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2024-3878",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-3878",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-017189",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-38184",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38184"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017189"
},
{
"db": "NVD",
"id": "CVE-2024-3878"
},
{
"db": "NVD",
"id": "CVE-2024-3878"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260912. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of F1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda F1202 is a network device that provides network connection and data transmission functions. The vulnerability is caused by incorrect boundary checking of the webExctypeman Filter function of the /goform/webExctypemanFilter file. An attacker can exploit this vulnerability to overflow the buffer and execute arbitrary code on the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3878"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017189"
},
{
"db": "CNVD",
"id": "CNVD-2024-38184"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-3878",
"trust": 3.2
},
{
"db": "VULDB",
"id": "260912",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017189",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38184",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38184"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017189"
},
{
"db": "NVD",
"id": "CVE-2024-3878"
}
]
},
"id": "VAR-202404-0291",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38184"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38184"
}
]
},
"last_update_date": "2025-01-25T22:38:21.812000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-017189"
},
{
"db": "NVD",
"id": "CVE-2024-3878"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/f/f1202/fromwebexcptypemanfilter.md"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.260912"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.312821"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-3878"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.260912"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38184"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017189"
},
{
"db": "NVD",
"id": "CVE-2024-3878"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38184"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-017189"
},
{
"db": "NVD",
"id": "CVE-2024-3878"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38184"
},
{
"date": "2025-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-017189"
},
{
"date": "2024-04-16T19:15:07.920000",
"db": "NVD",
"id": "CVE-2024-3878"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38184"
},
{
"date": "2025-01-22T07:41:00",
"db": "JVNDB",
"id": "JVNDB-2024-017189"
},
{
"date": "2025-01-21T16:32:56.933000",
"db": "NVD",
"id": "CVE-2024-3878"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0F1202\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-017189"
}
],
"trust": 0.8
}
}
VAR-202307-0870
Vulnerability from variot - Updated: 2025-01-07 23:26Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function. Shenzhen Tenda Technology Co.,Ltd. of F1202 firmware, ac1206 firmware, FH1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-0870",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ac1206",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "15.03.06.23"
},
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "ac1206",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "fh1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019244"
},
{
"db": "NVD",
"id": "CVE-2023-37712"
}
]
},
"cve": "CVE-2023-37712",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37712",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-37712",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37712",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-37712",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-37712",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-532",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019244"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-532"
},
{
"db": "NVD",
"id": "CVE-2023-37712"
},
{
"db": "NVD",
"id": "CVE-2023-37712"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function. Shenzhen Tenda Technology Co.,Ltd. of F1202 firmware, ac1206 firmware, FH1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37712"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019244"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37712",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2023-019244",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202307-532",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019244"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-532"
},
{
"db": "NVD",
"id": "CVE-2023-37712"
}
]
},
"id": "VAR-202307-0870",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6766223
},
"last_update_date": "2025-01-07T23:26:24.820000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tenda AC1206 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246057"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-532"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019244"
},
{
"db": "NVD",
"id": "CVE-2023-37712"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/firmrec/iot-vulns/tree/main/tenda/fromsetipbind"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37712"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37712/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019244"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-532"
},
{
"db": "NVD",
"id": "CVE-2023-37712"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019244"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-532"
},
{
"db": "NVD",
"id": "CVE-2023-37712"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-019244"
},
{
"date": "2023-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-532"
},
{
"date": "2023-07-10T17:15:09.877000",
"db": "NVD",
"id": "CVE-2023-37712"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-12T08:04:00",
"db": "JVNDB",
"id": "JVNDB-2023-019244"
},
{
"date": "2023-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-532"
},
{
"date": "2025-01-06T17:15:13.680000",
"db": "NVD",
"id": "CVE-2023-37712"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-532"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 Out-of-bounds write vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-019244"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-532"
}
],
"trust": 0.6
}
}
VAR-202307-1183
Vulnerability from variot - Updated: 2024-08-14 15:41Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0br"
},
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "3.0"
},
{
"model": "ac5",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0"
},
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "ac1206",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0"
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.19_en"
},
{
"model": "ac7",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0"
},
{
"model": "ac10",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37717"
}
]
},
"cve": "CVE-2023-37717",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37717",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37717",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1259",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1259"
},
{
"db": "NVD",
"id": "CVE-2023-37717"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37717"
},
{
"db": "VULMON",
"id": "CVE-2023-37717"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37717",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1259",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37717",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37717"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1259"
},
{
"db": "NVD",
"id": "CVE-2023-37717"
}
]
},
"id": "VAR-202307-1183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5256526420000001
},
"last_update_date": "2024-08-14T15:41:40.794000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tenda F1202 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247158"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1259"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37717"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/firmrec/iot-vulns/blob/main/tenda/fromdhcplistclient/repot.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37717/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37717"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37717"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1259"
},
{
"db": "NVD",
"id": "CVE-2023-37717"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37717"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1259"
},
{
"db": "NVD",
"id": "CVE-2023-37717"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37717"
},
{
"date": "2023-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1259"
},
{
"date": "2023-07-14T00:15:09.477000",
"db": "NVD",
"id": "CVE-2023-37717"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37717"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1259"
},
{
"date": "2023-07-21T14:31:56.167000",
"db": "NVD",
"id": "CVE-2023-37717"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1259"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1259"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1259"
}
],
"trust": 0.6
}
}
VAR-202307-1220
Vulnerability from variot - Updated: 2024-08-14 15:36Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1220",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0br"
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.19_en"
},
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37715"
}
]
},
"cve": "CVE-2023-37715",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37715",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37715",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1281",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1281"
},
{
"db": "NVD",
"id": "CVE-2023-37715"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37715"
},
{
"db": "VULMON",
"id": "CVE-2023-37715"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37715",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1281",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37715",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37715"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1281"
},
{
"db": "NVD",
"id": "CVE-2023-37715"
}
]
},
"id": "VAR-202307-1220",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.73333335
},
"last_update_date": "2024-08-14T15:36:53.104000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tenda F1202 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247163"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1281"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37715"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/firmrec/iot-vulns/blob/main/tenda/fml7protform/reprot.md"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37715"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37715/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37715"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1281"
},
{
"db": "NVD",
"id": "CVE-2023-37715"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37715"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1281"
},
{
"db": "NVD",
"id": "CVE-2023-37715"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37715"
},
{
"date": "2023-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1281"
},
{
"date": "2023-07-14T00:15:09.387000",
"db": "NVD",
"id": "CVE-2023-37715"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37715"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1281"
},
{
"date": "2023-07-21T14:33:22.617000",
"db": "NVD",
"id": "CVE-2023-37715"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1281"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1281"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1281"
}
],
"trust": 0.6
}
}
VAR-202307-1287
Vulnerability from variot - Updated: 2024-08-14 15:31Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1287",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0br"
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.19_en"
},
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "4g300",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37718"
}
]
},
"cve": "CVE-2023-37718",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37718",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37718",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1262",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1262"
},
{
"db": "NVD",
"id": "CVE-2023-37718"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37718"
},
{
"db": "VULMON",
"id": "CVE-2023-37718"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37718",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1262",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37718",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37718"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1262"
},
{
"db": "NVD",
"id": "CVE-2023-37718"
}
]
},
"id": "VAR-202307-1287",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7888889
},
"last_update_date": "2024-08-14T15:31:58.849000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tenda F1202 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247159"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1262"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37718"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/firmrec/iot-vulns/blob/main/tenda/fromsafeclientfilter/report.md"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37718"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37718/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37718"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1262"
},
{
"db": "NVD",
"id": "CVE-2023-37718"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37718"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1262"
},
{
"db": "NVD",
"id": "CVE-2023-37718"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37718"
},
{
"date": "2023-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1262"
},
{
"date": "2023-07-14T00:15:09.523000",
"db": "NVD",
"id": "CVE-2023-37718"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37718"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1262"
},
{
"date": "2023-07-21T14:32:08.327000",
"db": "NVD",
"id": "CVE-2023-37718"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1262"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1262"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1262"
}
],
"trust": 0.6
}
}
VAR-202307-1202
Vulnerability from variot - Updated: 2024-08-14 15:15Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0br"
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.19_en"
},
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "4g300",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37722"
}
]
},
"cve": "CVE-2023-37722",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37722",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37722",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1276",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1276"
},
{
"db": "NVD",
"id": "CVE-2023-37722"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37722"
},
{
"db": "VULMON",
"id": "CVE-2023-37722"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37722",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1276",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37722",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37722"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1276"
},
{
"db": "NVD",
"id": "CVE-2023-37722"
}
]
},
"id": "VAR-202307-1202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7888889
},
"last_update_date": "2024-08-14T15:15:55.510000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tenda F1202 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247162"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1276"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37722"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/firmrec/iot-vulns/blob/main/tenda/fromsafeurlfilter/report.md"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37722"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37722/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37722"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1276"
},
{
"db": "NVD",
"id": "CVE-2023-37722"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37722"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1276"
},
{
"db": "NVD",
"id": "CVE-2023-37722"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37722"
},
{
"date": "2023-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1276"
},
{
"date": "2023-07-14T00:15:09.660000",
"db": "NVD",
"id": "CVE-2023-37722"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37722"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1276"
},
{
"date": "2023-07-21T14:26:45.147000",
"db": "NVD",
"id": "CVE-2023-37722"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1276"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1276"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1276"
}
],
"trust": 0.6
}
}
VAR-202307-1265
Vulnerability from variot - Updated: 2024-08-14 15:15Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic. F1202 firmware, FH1202 firmware, F1202 firmware etc. Shenzhen Tenda Technology Co.,Ltd. The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1265",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0br"
},
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "pw201a",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": null
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.19_en"
},
{
"model": "ac7",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0"
},
{
"model": "ac7",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "fh1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "pw201a",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022977"
},
{
"db": "NVD",
"id": "CVE-2023-37714"
}
]
},
"cve": "CVE-2023-37714",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37714",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-37714",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37714",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-37714",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1257",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022977"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1257"
},
{
"db": "NVD",
"id": "CVE-2023-37714"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic. F1202 firmware, FH1202 firmware, F1202 firmware etc. Shenzhen Tenda Technology Co.,Ltd. The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37714"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022977"
},
{
"db": "VULMON",
"id": "CVE-2023-37714"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37714",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022977",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1257",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37714",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37714"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022977"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1257"
},
{
"db": "NVD",
"id": "CVE-2023-37714"
}
]
},
"id": "VAR-202307-1265",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.73333335
},
"last_update_date": "2024-08-14T15:15:55.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tenda F1202 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247157"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1257"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022977"
},
{
"db": "NVD",
"id": "CVE-2023-37714"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/firmrec/iot-vulns/blob/main/tenda/fromroutestatic/report.md"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37714"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37714/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37714"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022977"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1257"
},
{
"db": "NVD",
"id": "CVE-2023-37714"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37714"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022977"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1257"
},
{
"db": "NVD",
"id": "CVE-2023-37714"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37714"
},
{
"date": "2024-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-022977"
},
{
"date": "2023-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1257"
},
{
"date": "2023-07-14T00:15:09.340000",
"db": "NVD",
"id": "CVE-2023-37714"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37714"
},
{
"date": "2024-01-25T05:13:00",
"db": "JVNDB",
"id": "JVNDB-2023-022977"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1257"
},
{
"date": "2023-07-21T14:33:06.457000",
"db": "NVD",
"id": "CVE-2023-37714"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1257"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 Out-of-bounds write vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022977"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1257"
}
],
"trust": 0.6
}
}
VAR-202307-1305
Vulnerability from variot - Updated: 2024-08-14 14:43Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1305",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0br"
},
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "4g300",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": null
},
{
"model": "pa202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": null
},
{
"model": "pw201a",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": null
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.19_en"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37721"
}
]
},
"cve": "CVE-2023-37721",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37721",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37721",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1264",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1264"
},
{
"db": "NVD",
"id": "CVE-2023-37721"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37721"
},
{
"db": "VULMON",
"id": "CVE-2023-37721"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37721",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1264",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37721",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37721"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1264"
},
{
"db": "NVD",
"id": "CVE-2023-37721"
}
]
},
"id": "VAR-202307-1305",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7888889
},
"last_update_date": "2024-08-14T14:43:08.587000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tenda F1202 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247160"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1264"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37721"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/firmrec/iot-vulns/blob/main/tenda/fromsafemacfilter/report.md"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37721"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37721/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37721"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1264"
},
{
"db": "NVD",
"id": "CVE-2023-37721"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37721"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1264"
},
{
"db": "NVD",
"id": "CVE-2023-37721"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37721"
},
{
"date": "2023-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1264"
},
{
"date": "2023-07-14T00:15:09.617000",
"db": "NVD",
"id": "CVE-2023-37721"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37721"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1264"
},
{
"date": "2023-07-21T14:26:31.143000",
"db": "NVD",
"id": "CVE-2023-37721"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1264"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1264"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1264"
}
],
"trust": 0.6
}
}
VAR-202307-1326
Vulnerability from variot - Updated: 2024-08-14 14:43Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromqossetting
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1326",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0br"
},
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "4g300",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": null
},
{
"model": "pa202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": null
},
{
"model": "pw201a",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": null
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.19_en"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37723"
}
]
},
"cve": "CVE-2023-37723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37723",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37723",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1283",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1283"
},
{
"db": "NVD",
"id": "CVE-2023-37723"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromqossetting",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37723"
},
{
"db": "VULMON",
"id": "CVE-2023-37723"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37723",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1283",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37723",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37723"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1283"
},
{
"db": "NVD",
"id": "CVE-2023-37723"
}
]
},
"id": "VAR-202307-1326",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7888889
},
"last_update_date": "2024-08-14T14:43:08.567000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tenda F1202 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247164"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1283"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/firmrec/iot-vulns/blob/main/tenda/fromqossetting/report.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37723/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37723"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1283"
},
{
"db": "NVD",
"id": "CVE-2023-37723"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37723"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1283"
},
{
"db": "NVD",
"id": "CVE-2023-37723"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37723"
},
{
"date": "2023-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1283"
},
{
"date": "2023-07-14T00:15:09.707000",
"db": "NVD",
"id": "CVE-2023-37723"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37723"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1283"
},
{
"date": "2023-07-21T14:26:54.460000",
"db": "NVD",
"id": "CVE-2023-37723"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1283"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1283"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1283"
}
],
"trust": 0.6
}
}
VAR-202308-4082
Vulnerability from variot - Updated: 2024-08-14 14:23Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function. Shenzhen Tenda Technology Co.,Ltd. of F1202 firmware and FH1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-4082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.9"
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.9"
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "fh1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021101"
},
{
"db": "NVD",
"id": "CVE-2023-38939"
}
]
},
"cve": "CVE-2023-38939",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-38939",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-38939",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-38939",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-38939",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021101"
},
{
"db": "NVD",
"id": "CVE-2023-38939"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function. Shenzhen Tenda Technology Co.,Ltd. of F1202 firmware and FH1202 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-38939"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021101"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-38939",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021101",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021101"
},
{
"db": "NVD",
"id": "CVE-2023-38939"
}
]
},
"id": "VAR-202308-4082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.73333335
},
"last_update_date": "2024-08-14T14:23:50.214000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021101"
},
{
"db": "NVD",
"id": "CVE-2023-38939"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/firmrec/iot-vulns/tree/main/tenda/formwrlsafeset"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38939"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021101"
},
{
"db": "NVD",
"id": "CVE-2023-38939"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021101"
},
{
"db": "NVD",
"id": "CVE-2023-38939"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-021101"
},
{
"date": "2023-08-07T19:15:11.540000",
"db": "NVD",
"id": "CVE-2023-38939"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-18T06:42:00",
"db": "JVNDB",
"id": "JVNDB-2023-021101"
},
{
"date": "2023-08-09T18:06:28.010000",
"db": "NVD",
"id": "CVE-2023-38939"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0F1202\u00a0 firmware and \u00a0FH1202\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021101"
}
],
"trust": 0.8
}
}
VAR-202307-1352
Vulnerability from variot - Updated: 2024-08-14 14:17Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1352",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0br"
},
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "pa202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": null
},
{
"model": "pw201a",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": null
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.19_en"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37719"
}
]
},
"cve": "CVE-2023-37719",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37719",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37719",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1274",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1274"
},
{
"db": "NVD",
"id": "CVE-2023-37719"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37719"
},
{
"db": "VULMON",
"id": "CVE-2023-37719"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37719",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1274",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37719",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37719"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1274"
},
{
"db": "NVD",
"id": "CVE-2023-37719"
}
]
},
"id": "VAR-202307-1352",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.73333335
},
"last_update_date": "2024-08-14T14:17:03.005000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tenda F1202 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247161"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1274"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37719"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/firmrec/iot-vulns/blob/main/tenda/fromp2plistfilter/report.md"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37719"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37719/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37719"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1274"
},
{
"db": "NVD",
"id": "CVE-2023-37719"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37719"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1274"
},
{
"db": "NVD",
"id": "CVE-2023-37719"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37719"
},
{
"date": "2023-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1274"
},
{
"date": "2023-07-14T00:15:09.570000",
"db": "NVD",
"id": "CVE-2023-37719"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37719"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1274"
},
{
"date": "2023-07-21T14:32:38.633000",
"db": "NVD",
"id": "CVE-2023-37719"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1274"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1274"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1274"
}
],
"trust": 0.6
}
}
VAR-202307-1306
Vulnerability from variot - Updated: 2024-08-14 14:09Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-1306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0br"
},
{
"model": "ac9",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "3.0"
},
{
"model": "ac5",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0"
},
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.20\\(408\\)"
},
{
"model": "ac1206",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0"
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.19_en"
},
{
"model": "ac7",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0"
},
{
"model": "ac10",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37716"
}
]
},
"cve": "CVE-2023-37716",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-37716",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-37716",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-1255",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1255"
},
{
"db": "NVD",
"id": "CVE-2023-37716"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37716"
},
{
"db": "VULMON",
"id": "CVE-2023-37716"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37716",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1255",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37716",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37716"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1255"
},
{
"db": "NVD",
"id": "CVE-2023-37716"
}
]
},
"id": "VAR-202307-1306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5256526420000001
},
"last_update_date": "2024-08-14T14:09:54.108000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37716"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/firmrec/iot-vulns/blob/main/tenda/fromnatstaticsetting/report.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37716/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37716"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1255"
},
{
"db": "NVD",
"id": "CVE-2023-37716"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37716"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-1255"
},
{
"db": "NVD",
"id": "CVE-2023-37716"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37716"
},
{
"date": "2023-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1255"
},
{
"date": "2023-07-14T00:15:09.430000",
"db": "NVD",
"id": "CVE-2023-37716"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37716"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-1255"
},
{
"date": "2023-07-21T14:33:30.690000",
"db": "NVD",
"id": "CVE-2023-37716"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1255"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1255"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-1255"
}
],
"trust": 0.6
}
}
VAR-202308-3909
Vulnerability from variot - Updated: 2024-08-14 13:19Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function. F1202 firmware, pa202 firmware, pw201a firmware etc. Shenzhen Tenda Technology Co.,Ltd. The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3909",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.9"
},
{
"model": "pa202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.1.2.5"
},
{
"model": "pw201a",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.1.2.5"
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.9"
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "pa202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "pw201a",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "fh1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021096"
},
{
"db": "NVD",
"id": "CVE-2023-38932"
}
]
},
"cve": "CVE-2023-38932",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-38932",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-38932",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-38932",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-38932",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021096"
},
{
"db": "NVD",
"id": "CVE-2023-38932"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function. F1202 firmware, pa202 firmware, pw201a firmware etc. Shenzhen Tenda Technology Co.,Ltd. The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-38932"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021096"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-38932",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021096",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021096"
},
{
"db": "NVD",
"id": "CVE-2023-38932"
}
]
},
"id": "VAR-202308-3909",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.73333335
},
"last_update_date": "2024-08-14T13:19:52.713000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021096"
},
{
"db": "NVD",
"id": "CVE-2023-38932"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/firmrec/iot-vulns/tree/main/tenda/formsafeemailfilter"
},
{
"trust": 1.8,
"url": "https://www.netgear.com/about/security/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38932"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021096"
},
{
"db": "NVD",
"id": "CVE-2023-38932"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021096"
},
{
"db": "NVD",
"id": "CVE-2023-38932"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-021096"
},
{
"date": "2023-08-07T19:15:11.043000",
"db": "NVD",
"id": "CVE-2023-38932"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-18T06:42:00",
"db": "JVNDB",
"id": "JVNDB-2023-021096"
},
{
"date": "2023-08-09T18:05:45.487000",
"db": "NVD",
"id": "CVE-2023-38932"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 Out-of-bounds write vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021096"
}
],
"trust": 0.8
}
}
VAR-202308-3972
Vulnerability from variot - Updated: 2024-08-14 13:19Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im. F1202 firmware, pa202 firmware, pw201a firmware etc. Shenzhen Tenda Technology Co.,Ltd. The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-3972",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.9"
},
{
"model": "pa202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.1.2.5"
},
{
"model": "pw201a",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.1.2.5"
},
{
"model": "fh1202",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "1.2.0.9"
},
{
"model": "f1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "pa202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "pw201a",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "fh1202",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021098"
},
{
"db": "NVD",
"id": "CVE-2023-38938"
}
]
},
"cve": "CVE-2023-38938",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-38938",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-38938",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-38938",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-38938",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021098"
},
{
"db": "NVD",
"id": "CVE-2023-38938"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im. F1202 firmware, pa202 firmware, pw201a firmware etc. Shenzhen Tenda Technology Co.,Ltd. The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-38938"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021098"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-38938",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021098",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021098"
},
{
"db": "NVD",
"id": "CVE-2023-38938"
}
]
},
"id": "VAR-202308-3972",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.73333335
},
"last_update_date": "2024-08-14T13:19:52.684000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021098"
},
{
"db": "NVD",
"id": "CVE-2023-38938"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/firmrec/iot-vulns/tree/main/tenda/frml7imform"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38938"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021098"
},
{
"db": "NVD",
"id": "CVE-2023-38938"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021098"
},
{
"db": "NVD",
"id": "CVE-2023-38938"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-021098"
},
{
"date": "2023-08-07T19:15:11.477000",
"db": "NVD",
"id": "CVE-2023-38938"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-18T06:42:00",
"db": "JVNDB",
"id": "JVNDB-2023-021098"
},
{
"date": "2023-08-09T18:06:15.870000",
"db": "NVD",
"id": "CVE-2023-38938"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 Out-of-bounds write vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021098"
}
],
"trust": 0.8
}
}
CVE-2025-9806 (GCVE-0-2025-9806)
Vulnerability from nvd – Published: 2025-09-02 00:32 – Updated: 2025-09-02 19:33
VLAI?
Title
Tenda F1202 Administrative shadow hard-coded credentials
Summary
A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
Credits
Yu Bao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9806",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T19:27:54.101282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T19:33:32.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Administrative Interface"
],
"product": "F1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.9"
},
{
"status": "affected",
"version": "1.2.0.14"
},
{
"status": "affected",
"version": "1.2.0.20"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu Bao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "de",
"value": "In Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20 wurde eine Schwachstelle gefunden. Dies betrifft einen unbekannten Teil der Datei /etc_ro/shadow der Komponente Administrative Interface. Durch Manipulation mit der Eingabe Fireitup mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 1.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 1.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 1.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 0.8,
"vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T00:32:07.898Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-322130 | Tenda F1202 Administrative shadow hard-coded credentials",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.322130"
},
{
"name": "VDB-322130 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.322130"
},
{
"name": "Submit #640980 | Tenda F1202 V1.2.0.14/V1.2.0.20/V1.2.0.9 Hard-coded Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.640980"
},
{
"tags": [
"related"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e9.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e9.md#steps-to-reproduce"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-01T17:17:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1202 Administrative shadow hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9806",
"datePublished": "2025-09-02T00:32:07.898Z",
"dateReserved": "2025-09-01T15:09:53.760Z",
"dateUpdated": "2025-09-02T19:33:32.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3878 (GCVE-0-2024-3878)
Vulnerability from nvd – Published: 2024-04-16 18:31 – Updated: 2024-08-01 20:26
VLAI?
Title
Tenda F1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260912. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
8.8 (High)
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wxhwxhwxh_mie (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1202_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.20\\(408\\)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3878",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T17:30:20.355023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T21:04:08.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-260912 | Tenda F1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.260912"
},
{
"name": "VDB-260912 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.260912"
},
{
"name": "Submit #312821 | Tenda F1202 V1.2.0.20(408) buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.312821"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromwebExcptypemanFilter.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.20(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_mie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260912. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Tenda F1202 1.2.0.20(408) entdeckt. Dies betrifft die Funktion fromwebExcptypemanFilter der Datei /goform/webExcptypemanFilter. Durch die Manipulation des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T18:31:05.460Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-260912 | Tenda F1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.260912"
},
{
"name": "VDB-260912 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.260912"
},
{
"name": "Submit #312821 | Tenda F1202 V1.2.0.20(408) buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.312821"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromwebExcptypemanFilter.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-16T12:55:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3878",
"datePublished": "2024-04-16T18:31:05.460Z",
"dateReserved": "2024-04-16T10:49:36.850Z",
"dateUpdated": "2024-08-01T20:26:57.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3877 (GCVE-0-2024-3877)
Vulnerability from nvd – Published: 2024-04-16 18:31 – Updated: 2024-08-01 20:26
VLAI?
Title
Tenda F1202 fromqossetting stack-based overflow
Summary
A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function fromqossetting of the file /goform/fromqossetting. The manipulation of the argument qos leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
8.8 (High)
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wxhwxhwxh_mie (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1202_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.20\\(408\\)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3877",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-24T13:34:45.882178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:22.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-260911 | Tenda F1202 fromqossetting stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.260911"
},
{
"name": "VDB-260911 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.260911"
},
{
"name": "Submit #312820 | Tenda F1202 V1.2.0.20(408) buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.312820"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromqossetting.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.20(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_mie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function fromqossetting of the file /goform/fromqossetting. The manipulation of the argument qos leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Tenda F1202 1.2.0.20(408) wurde eine kritische Schwachstelle entdeckt. Das betrifft die Funktion fromqossetting der Datei /goform/fromqossetting. Mit der Manipulation des Arguments qos mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T18:31:04.090Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-260911 | Tenda F1202 fromqossetting stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.260911"
},
{
"name": "VDB-260911 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.260911"
},
{
"name": "Submit #312820 | Tenda F1202 V1.2.0.20(408) buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.312820"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromqossetting.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-16T12:54:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1202 fromqossetting stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3877",
"datePublished": "2024-04-16T18:31:04.090Z",
"dateReserved": "2024-04-16T10:49:33.989Z",
"dateUpdated": "2024-08-01T20:26:57.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9806 (GCVE-0-2025-9806)
Vulnerability from cvelistv5 – Published: 2025-09-02 00:32 – Updated: 2025-09-02 19:33
VLAI?
Title
Tenda F1202 Administrative shadow hard-coded credentials
Summary
A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
Credits
Yu Bao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9806",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T19:27:54.101282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T19:33:32.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Administrative Interface"
],
"product": "F1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.9"
},
{
"status": "affected",
"version": "1.2.0.14"
},
{
"status": "affected",
"version": "1.2.0.20"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu Bao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "de",
"value": "In Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20 wurde eine Schwachstelle gefunden. Dies betrifft einen unbekannten Teil der Datei /etc_ro/shadow der Komponente Administrative Interface. Durch Manipulation mit der Eingabe Fireitup mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Ein Angriff erfordert eine vergleichsweise hohe Komplexit\u00e4t. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 1.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 1.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 1.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 0.8,
"vectorString": "AV:L/AC:H/Au:M/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T00:32:07.898Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-322130 | Tenda F1202 Administrative shadow hard-coded credentials",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.322130"
},
{
"name": "VDB-322130 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.322130"
},
{
"name": "Submit #640980 | Tenda F1202 V1.2.0.14/V1.2.0.20/V1.2.0.9 Hard-coded Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.640980"
},
{
"tags": [
"related"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e9.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e9.md#steps-to-reproduce"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-01T17:17:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1202 Administrative shadow hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9806",
"datePublished": "2025-09-02T00:32:07.898Z",
"dateReserved": "2025-09-01T15:09:53.760Z",
"dateUpdated": "2025-09-02T19:33:32.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3878 (GCVE-0-2024-3878)
Vulnerability from cvelistv5 – Published: 2024-04-16 18:31 – Updated: 2024-08-01 20:26
VLAI?
Title
Tenda F1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260912. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
8.8 (High)
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wxhwxhwxh_mie (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1202_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.20\\(408\\)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3878",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T17:30:20.355023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T21:04:08.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-260912 | Tenda F1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.260912"
},
{
"name": "VDB-260912 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.260912"
},
{
"name": "Submit #312821 | Tenda F1202 V1.2.0.20(408) buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.312821"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromwebExcptypemanFilter.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F1202",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.2.0.20(408)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_mie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260912. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Tenda F1202 1.2.0.20(408) entdeckt. Dies betrifft die Funktion fromwebExcptypemanFilter der Datei /goform/webExcptypemanFilter. Durch die Manipulation des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T18:31:05.460Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-260912 | Tenda F1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.260912"
},
{
"name": "VDB-260912 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.260912"
},
{
"name": "Submit #312821 | Tenda F1202 V1.2.0.20(408) buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.312821"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromwebExcptypemanFilter.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-16T12:55:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3878",
"datePublished": "2024-04-16T18:31:05.460Z",
"dateReserved": "2024-04-16T10:49:36.850Z",
"dateUpdated": "2024-08-01T20:26:57.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}