A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 22 Aug 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda fh1206
Weaknesses CWE-787
CPEs cpe:2.3:h:tenda:fh1206:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:fh1206_firmware:v02.03.01.35:*:*:*:*:*:*:*
Vendors & Products Tenda fh1206

Wed, 14 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda fh1206 Firmware
CPEs cpe:2.3:a:tenda:fh1206_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda fh1206 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 00:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Title Tenda FH1206 HTTP POST Request SafeEmailFilter formSafeEmailFilter stack-based overflow
Weaknesses CWE-121
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2024-08-14T16:11:06.129Z

Reserved: 2024-08-12T16:13:45.110Z

Link: CVE-2024-7707

cve-icon Vulnrichment

Updated: 2024-08-14T16:11:00.502Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-13T01:24:09.723

Modified: 2024-08-22T13:23:20.327

Link: CVE-2024-7707

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.