A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
History

Fri, 01 Nov 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac10
Tenda ac10u
Tenda ac1206
Tenda ac15
Tenda ac18
Tenda ac500
Tenda ac6
Tenda ac7
Tenda ac8
Tenda ac9
CPEs cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10:5.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac500:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:1.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.10.20:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.48.19:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.48.23:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.05.14:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.06.42:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.2.13:*:*:*:*:*:*:*
Vendors & Products Tenda ac10
Tenda ac10u
Tenda ac1206
Tenda ac15
Tenda ac18
Tenda ac500
Tenda ac6
Tenda ac7
Tenda ac8
Tenda ac9

Wed, 23 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda ac10 Firmware
Tenda ac10u Firmware
Tenda ac1206 Firmware
Tenda ac15 Firmware
Tenda ac18 Firmware
Tenda ac500 Firmware
Tenda ac6 Firmware
Tenda ac7 Firmware
Tenda ac8 Firmware
Tenda ac9 Firmware
CPEs cpe:2.3:a:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\(1307\):*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ac10 Firmware
Tenda ac10u Firmware
Tenda ac1206 Firmware
Tenda ac15 Firmware
Tenda ac18 Firmware
Tenda ac500 Firmware
Tenda ac6 Firmware
Tenda ac7 Firmware
Tenda ac8 Firmware
Tenda ac9 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 23 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference
Weaknesses CWE-476
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:C'}

cvssV3_0

{'score': 6.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-10-23T13:31:07.315Z

Updated: 2024-10-23T17:41:57.370Z

Reserved: 2024-10-23T06:02:03.363Z

Link: CVE-2024-10280

cve-icon Vulnrichment

Updated: 2024-10-23T17:41:29.943Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-23T14:15:04.500

Modified: 2024-11-01T14:03:20.267

Link: CVE-2024-10280

cve-icon Redhat

No data.