VAR-202408-0606
Vulnerability from variot - Updated: 2025-09-06 00:04Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be leveraged to achieve remote code execution. Shenzhen Tenda Technology Co.,Ltd. of fh1206 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1206 is a dual-band wireless router launched by Tenda, designed for large fiber-optic households
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202408-0606",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fh1206",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "v02.03.1.35"
},
{
"model": "fh1206",
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "fh1206",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "fh1206",
"scope": "eq",
"trust": 0.8,
"vendor": "tenda",
"version": "fh1206 firmware v02.03.1.35"
},
{
"model": "fh1206",
"scope": "eq",
"trust": 0.6,
"vendor": "tenda",
"version": "02.03.01.35"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16092"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005622"
},
{
"db": "NVD",
"id": "CVE-2024-42987"
}
]
},
"cve": "CVE-2024-42987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-16092",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-42987",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-42987",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-42987",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-42987",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-42987",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-16092",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16092"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005622"
},
{
"db": "NVD",
"id": "CVE-2024-42987"
},
{
"db": "NVD",
"id": "CVE-2024-42987"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be leveraged to achieve remote code execution. Shenzhen Tenda Technology Co.,Ltd. of fh1206 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1206 is a dual-band wireless router launched by Tenda, designed for large fiber-optic households",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-42987"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005622"
},
{
"db": "CNVD",
"id": "CNVD-2025-16092"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-42987",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005622",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-16092",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16092"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005622"
},
{
"db": "NVD",
"id": "CVE-2024-42987"
}
]
},
"id": "VAR-202408-0606",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16092"
}
],
"trust": 0.7710203999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16092"
}
]
},
"last_update_date": "2025-09-06T00:04:20.004000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Tenda FH1206 Buffer Overflow Vulnerability (CNVD-2025-16092)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/709851"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16092"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-005622"
},
{
"db": "NVD",
"id": "CVE-2024-42987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/tttjjjwww/ahu-iot-vulnerable/blob/main/tenda/fh1206/frompptpuseradd.md"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-42987"
},
{
"trust": 1.0,
"url": "https://github.com/laohouzju/poc/blob/main/tenda%20fh1206%20frompptpuseradd_newpwd.md"
},
{
"trust": 1.0,
"url": "https://github.com/laohouzju/poc/blob/main/tenda%20fh1206%20frompptpuseradd_username.md"
},
{
"trust": 1.0,
"url": "https://github.com/laohouzju/poc/blob/main/tenda%20fh1206%20frompptpuseradd_pptpdnetseg.md"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-16092"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005622"
},
{
"db": "NVD",
"id": "CVE-2024-42987"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-16092"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-005622"
},
{
"db": "NVD",
"id": "CVE-2024-42987"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-16092"
},
{
"date": "2024-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-005622"
},
{
"date": "2024-08-15T17:15:21.820000",
"db": "NVD",
"id": "CVE-2024-42987"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-16092"
},
{
"date": "2024-08-19T02:06:00",
"db": "JVNDB",
"id": "JVNDB-2024-005622"
},
{
"date": "2025-09-02T17:15:34.390000",
"db": "NVD",
"id": "CVE-2024-42987"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0fh1206\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-005622"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…