CVE-2024-11650 | THREATINT

Description

A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Eine kritische Schwachstelle wurde in Tenda i9 1.0.0.8(3828) gefunden. Es geht hierbei um die Funktion websReadEvent der Datei /goform/GetIPTV. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2024-11-24 | Published 2024-11-25 | Updated 2024-11-25 | Assigner VulDB

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

MEDIUM: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.8AV:N/AC:L/Au:S/C:N/I:N/A:C

Problem types

NULL Pointer Dereference

Denial of Service

Product status

1.0.0.8(3828)

affected

Timeline

2024-11-24:	Advisory disclosed
2024-11-24:	VulDB entry created
2024-11-24:	VulDB entry last update

Credits

xiaobor123 (VulDB User) reporter

References

vuldb.com/?id.285971 (VDB-285971 | Tenda i9 GetIPTV websReadEvent null pointer dereference) vdb-entry technical-description

vuldb.com/?ctiid.285971 (VDB-285971 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.446592 (Submit #446592 | Tenda i9 V1.0.0.8(3828) NULL Pointer Dereference) third-party-advisory

github.com/xiaobor123/tenda-vul-i9 exploit

www.tenda.com.cn/ product

cve.org (CVE-2024-11650)

nvd.nist.gov (CVE-2024-11650)

Download JSON