CVE-2024-41462
published 2024-07-24CVE-2024-41462: Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.
PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.55%
41.9th percentile
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tendacn | fh1201_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Tenda DhcpListClient page Parameter Buffer Overflow Attempt (CVE,2025-12236, CVE-2024-32293, CVE-2024-41462)
suricata·2025-06-17·CVSS 8.0
CVE-2024-32293 [HIGH] ET WEB_SPECIFIC_APPS Tenda DhcpListClient page Parameter Buffer Overflow Attempt (CVE,2025-12236, CVE-2024-32293, CVE-2024-41462)
ET WEB_SPECIFIC_APPS Tenda DhcpListClient page Parameter Buffer Overflow Attempt (CVE,2025-12236, CVE-2024-32293, CVE-2024-41462)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Tenda DhcpListClient page Parameter Buffer Overflow Attempt (CVE,2025-12236, CVE-2024-32293, CVE-2024-41462)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:22; content:"/goform/DhcpListClient"; fast_pattern; http.request_body; content:"page|3d|"; pcre:"/^[^&]{100,}(?:&|$)/R"; reference:cve,2024-32293; reference:url,github.com/WhereisDoujo/CVE/issues/1; reference:cve,2024-41462; reference:url,github.com/peris-navince/founded-0-days/blob/main/Tenda/ac500/fromDhcpListClient/1.md; reference:cve,2025-12236; classtype:web-application-attack; sid:2063028; rev:2; metadata:a
No public exploits indexed.
No writeups or analysis indexed.
2024-07-24
Published