CVE-2024-3011

A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258297 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formQuickIndex.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.258297 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.258297 Third Party Advisory VDB Entry
https://vuldb.com/?submit.301490 Third Party Advisory VDB Entry
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formQuickIndex.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.258297 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.258297 Third Party Advisory VDB Entry
https://vuldb.com/?submit.301490 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\(775\):*:*:*:*:*:*:*
cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*

History

15 Jan 2025, 18:24

Type Values Removed Values Added
CPE cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\(775\):*:*:*:*:*:*:*
CWE CWE-787
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formQuickIndex.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formQuickIndex.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.258297 - () https://vuldb.com/?ctiid.258297 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.258297 - () https://vuldb.com/?id.258297 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.301490 - () https://vuldb.com/?submit.301490 - Third Party Advisory, VDB Entry
First Time Tenda
Tenda fh1205 Firmware
Tenda fh1205

21 Nov 2024, 09:28

Type Values Removed Values Added
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formQuickIndex.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/formQuickIndex.md -
References () https://vuldb.com/?ctiid.258297 - () https://vuldb.com/?ctiid.258297 -
References () https://vuldb.com/?id.258297 - () https://vuldb.com/?id.258297 -
References () https://vuldb.com/?submit.301490 - () https://vuldb.com/?submit.301490 -

11 Apr 2024, 01:25

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en Tenda FH1205 2.0.0.7(775). Ha sido clasificada como crítica. Esto afecta a la función formQuickIndex del archivo /goform/QuickIndex. La manipulación del argumento PPPOEPassword provoca un desbordamiento de búfer en la región stack de la memoria. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-258297. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

28 Mar 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-28 00:15

Updated : 2025-01-15 18:24


NVD link : CVE-2024-3011

Mitre link : CVE-2024-3011

CVE.ORG link : CVE-2024-3011


JSON object : View

Products Affected

tenda

  • fh1205
  • fh1205_firmware
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write