Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-10280

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Published

2024-10-23T14:15:04.500

Last Modified

2024-11-01T14:03:20.267

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

6.9

Weaknesses

Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tenda	ac15_firmware	15.03.05.18	Yes
Operating System	tenda	ac15_firmware	15.03.05.19	Yes
Hardware	tenda	ac15	-	No
Operating System	tenda	ac7_firmware	15.03.06.44	Yes
Hardware	tenda	ac7	-	No
Operating System	tenda	ac10u_firmware	15.03.06.48	Yes
Operating System	tenda	ac10u_firmware	15.03.06.49	Yes
Hardware	tenda	ac10u	-	No
Operating System	tenda	ac500_firmware	1.0.0.14	Yes
Operating System	tenda	ac500_firmware	1.0.0.16	Yes
Operating System	tenda	ac500_firmware	2.0.1.9\(1307\)	Yes
Hardware	tenda	ac500	-	No
Operating System	tenda	ac18_firmware	15.03.05.05	Yes
Operating System	tenda	ac18_firmware	15.03.05.19\(6318\)	Yes
Hardware	tenda	ac18	-	No
Operating System	tenda	ac9_firmware	15.03.2.13	Yes
Operating System	tenda	ac9_firmware	15.03.05.14	Yes
Operating System	tenda	ac9_firmware	15.03.05.19\(6318\)	Yes
Hardware	tenda	ac9	1.0	No
Operating System	tenda	ac9_firmware	15.03.06.42	Yes
Hardware	tenda	ac9	3.0	No
Operating System	tenda	ac1206_firmware	15.03.06.23	Yes
Hardware	tenda	ac1206	-	No
Operating System	tenda	ac6_firmware	15.03.06.23	Yes
Hardware	tenda	ac6	2.0	No
Operating System	tenda	ac10_firmware	16.03.10.13	Yes
Operating System	tenda	ac10_firmware	16.03.10.20	Yes
Hardware	tenda	ac10	4.0	No
Operating System	tenda	ac10_firmware	16.03.48.19	Yes
Operating System	tenda	ac10_firmware	16.03.48.23	Yes
Hardware	tenda	ac10	5.0	No
Operating System	tenda	ac8_firmware	16.03.34.06	Yes
Operating System	tenda	ac8_firmware	16.03.34.09	Yes
Hardware	tenda	ac8	4.0	No

References

https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md Third Party Advisory ([email protected])
https://vuldb.com/?ctiid.281555 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.281555 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.426417 Third Party Advisory, VDB Entry ([email protected])
https://www.tenda.com.cn/ Product ([email protected])