CVE-2024-12002

moderate-risk

Published 2024-11-30

A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (9)

Fh451 Firmware

Fh1201 Firmware

Fh1202 Firmware

Fh1206 Firmware

Affected Vendors

Tenda

References (5)

Exploit https://github.com/Kalvin2077/tenda-fh-cve

Permissions Required https://vuldb.com/?ctiid.286417

Third Party Advisory https://vuldb.com/?id.286417

Third Party Advisory https://vuldb.com/?submit.453974

Product https://www.tenda.com.cn/

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 15/34 · Moderate