CVE-2024-4020Classic Buffer Overflow in Fh1206

CWE-120Classic Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 66.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Fh1206Tenda Fh1206 Firmware
Timeline
PublishedApr 20
Latest updateApr 21

Description

A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5tenda/fh12061.2.0.8(8155)
NVDtenda/fh1206_firmware1.2.0.8\(8155\)

🔴Vulnerability Details

2
GHSA
GHSA-rw9j-38rq-r4wq: A vulnerability was found in Tenda FH1206 12024-04-21
CVEList
Tenda FH1206 addressNat fromAddressNat buffer overflow2024-04-20
CVE-2024-4020 — Classic Buffer Overflow in Tenda Fh1206 | cvebase