CVE-2024-10280

Published: Oct 23, 2024Modified: Nov 1, 2024

7.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected (22)

Products: Tenda: Ac15 Firmware, Ac7 Firmware, Ac10u Firmware, Ac500 Firmware, Ac18 Firmware, Ac9 Firmware, Ac1206 Firmware, Ac6 Firmware, Ac10 Firmware, Ac8 Firmware

10 products

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac15 Firmware	Version 15.03.05.18
Tenda Ac15 Firmware	Version 15.03.05.19

Running on/with	Platform Versions
Tenda Ac15	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac7 Firmware	Version 15.03.06.44

Running on/with	Platform Versions
Tenda Ac7	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac10u Firmware	Version 15.03.06.48
Tenda Ac10u Firmware	Version 15.03.06.49

Running on/with	Platform Versions
Tenda Ac10u	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac500 Firmware	Version 1.0.0.14
Tenda Ac500 Firmware	Version 1.0.0.16
Tenda Ac500 Firmware	Version 2.0.1.9(1307)

Running on/with	Platform Versions
Tenda Ac500	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac18 Firmware	Version 15.03.05.05
Tenda Ac18 Firmware	Version 15.03.05.19(6318)

Running on/with	Platform Versions
Tenda Ac18	All versions

Configuration F

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac9 Firmware	Version 15.03.05.14
Tenda Ac9 Firmware	Version 15.03.05.19(6318)
Tenda Ac9 Firmware	Version 15.03.2.13

Running on/with	Platform Versions
Tenda Ac9	Version 1.0

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac9 Firmware	Version 15.03.06.42

Running on/with	Platform Versions
Tenda Ac9	Version 3.0

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac1206 Firmware	Version 15.03.06.23

Running on/with	Platform Versions
Tenda Ac1206	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac6 Firmware	Version 15.03.06.23

Running on/with	Platform Versions
Tenda Ac6	Version 2.0

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac10 Firmware	Version 16.03.10.13
Tenda Ac10 Firmware	Version 16.03.10.20

Running on/with	Platform Versions
Tenda Ac10	Version 4.0

Configuration K

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac10 Firmware	Version 16.03.48.19
Tenda Ac10 Firmware	Version 16.03.48.23

Running on/with	Platform Versions
Tenda Ac10	Version 5.0

Configuration L

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac8 Firmware	Version 16.03.34.06
Tenda Ac8 Firmware	Version 16.03.34.09

Running on/with	Platform Versions
Tenda Ac8	Version 4.0

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (5)

https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?ctiid.281555

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.281555

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.426417

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.tenda.com.cn/

Source: cna@vuldb.com

Product

Timeline

No history available yet.