CVE-2024-30635 — Classic Buffer Overflow in F1202 Firmware

CWE-120 — Classic Buffer Overflow CWE-674 — Uncontrolled Recursion5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 41.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda F1202 Firmware

Timeline

PublishedMar 29

Latest updateSep 6

Description

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtenda/f1202_firmware1.2.0.20\(408\)

🔴Vulnerability Details

OSV

Stack exhaustion in Decoder.Decode in encoding/gob↗2024-09-06

▶

GHSA

GHSA-jr6v-9h7h-qrjx: Tenda F1202 v1↗2024-03-29

▶

CVEList

CVE-2024-30635: Tenda F1202 v1↗2024-03-29

▶

📋Vendor Advisories

Red Hat

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion↗2024-09-06

▶