Description
A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2024-10-23
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-33008 A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
History

Fri, 01 Nov 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac10
Tenda ac10u
Tenda ac1206
Tenda ac15
Tenda ac18
Tenda ac500
Tenda ac6
Tenda ac7
Tenda ac8
Tenda ac9
CPEs cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10:5.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac500:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:1.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.10.20:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.48.19:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.48.23:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.05.14:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.06.42:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.2.13:*:*:*:*:*:*:*
Vendors & Products Tenda ac10
Tenda ac10u
Tenda ac1206
Tenda ac15
Tenda ac18
Tenda ac500
Tenda ac6
Tenda ac7
Tenda ac8
Tenda ac9

Wed, 23 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda ac10 Firmware
Tenda ac10u Firmware
Tenda ac1206 Firmware
Tenda ac15 Firmware
Tenda ac18 Firmware
Tenda ac500 Firmware
Tenda ac6 Firmware
Tenda ac7 Firmware
Tenda ac8 Firmware
Tenda ac9 Firmware
CPEs cpe:2.3:a:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\(1307\):*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ac10 Firmware
Tenda ac10u Firmware
Tenda ac1206 Firmware
Tenda ac15 Firmware
Tenda ac18 Firmware
Tenda ac500 Firmware
Tenda ac6 Firmware
Tenda ac7 Firmware
Tenda ac8 Firmware
Tenda ac9 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 23 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference
Weaknesses CWE-476
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:C'}

cvssV3_0

{'score': 6.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Tenda Ac10 Ac10 Firmware Ac10u Ac10u Firmware Ac1206 Ac1206 Firmware Ac15 Ac15 Firmware Ac18 Ac18 Firmware Ac500 Ac500 Firmware Ac6 Ac6 Firmware Ac7 Ac7 Firmware Ac8 Ac8 Firmware Ac9 Ac9 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2024-10-23T17:41:57.370Z

Reserved: 2024-10-23T06:02:03.363Z

Link: CVE-2024-10280

cve-icon Vulnrichment

Updated: 2024-10-23T17:41:29.943Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-23T14:15:04.500

Modified: 2024-11-01T14:03:20.267

Link: CVE-2024-10280

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses