CVE-2024-42987Out-of-bounds Write in Fh1206 Firmware

CWE-787Out-of-bounds Write3 documents3 sources
Severity
7.5HIGHNVD
EPSS
8.4%
top 7.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda Fh1206 Firmware
Timeline
PublishedAug 15

Description

Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be l

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDtenda/fh1206_firmwarev02.03.1.35

🔴Vulnerability Details

2
CVEList
CVE-2024-42987: Tenda FH1206 v022024-08-15
GHSA
GHSA-3p4h-pcqj-f7fx: Tenda FH1206 v022024-08-15
CVE-2024-42987 — Out-of-bounds Write in Tenda | cvebase