CVE-2024-10280NULL Pointer Dereference in Ac10

CWE-476NULL Pointer Dereference3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.2%
top 62.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Tenda Ac10Tenda Ac10uTenda Ac1206+17 more
Timeline
PublishedOct 23

Description

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages20 packages

CVEListV5tenda/ac10u20241022
NVDtenda/ac10u_firmware15.03.06.48, 15.03.06.49+1
CVEListV5tenda/ac1020241022
CVEListV5tenda/ac1520241022
CVEListV5tenda/ac1820241022

🔴Vulnerability Details

2
CVEList
Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference2024-10-23
GHSA
GHSA-xvqq-m3qc-q58j: A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 202410222024-10-23
CVE-2024-10280 — NULL Pointer Dereference in Tenda Ac10 | cvebase