Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-4020

A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published

2024-04-20T23:15:48.183

Last Modified

2025-03-06T16:33:07.790

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.0

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-120
  • Type: Primary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System tenda fh1206_firmware 1.2.0.8\(8155\) Yes
Hardware tenda fh1206 - No
References