A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
History

Thu, 07 Nov 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda i22 Firmware
CPEs cpe:2.3:o:tenda:i22_firmware:1.0.0.3\(4687\):*:*:*:*:*:*:*
Vendors & Products Tenda i22 Firmware

Tue, 05 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda i22
CPEs cpe:2.3:h:tenda:i22:-:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda i22
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 04 Nov 2024 01:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Title Tenda i22 SysToo websReadEvent null pointer dereference
Weaknesses CWE-476
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:C'}

cvssV3_0

{'score': 6.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-11-04T01:00:07.611Z

Updated: 2024-11-05T14:55:33.301Z

Reserved: 2024-11-03T06:35:17.315Z

Link: CVE-2024-10750

cve-icon Vulnrichment

Updated: 2024-11-05T14:55:27.386Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-04T02:15:14.667

Modified: 2024-11-07T17:09:50.387

Link: CVE-2024-10750

cve-icon Redhat

No data.