A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md | Third Party Advisory |
https://vuldb.com/?ctiid.281555 | Permissions Required VDB Entry |
https://vuldb.com/?id.281555 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.426417 | Third Party Advisory VDB Entry |
https://www.tenda.com.cn/ | Product |
History
01 Nov 2024, 14:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac10_firmware:16.03.10.20:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac9_firmware:15.03.06.42:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\(1307\):*:*:*:*:*:*:* cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac10_firmware:16.03.48.19:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac500:-:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac10:5.0:*:*:*:*:*:*:* cpe:2.3:h:tenda:ac9:1.0:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac9_firmware:15.03.2.13:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:* cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:* cpe:2.3:o:tenda:ac10_firmware:16.03.48.23:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac9_firmware:15.03.05.14:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:* cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:* |
References | https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md - Third Party Advisory | |
References | https://vuldb.com/?ctiid.281555 - Permissions Required, VDB Entry | |
References | https://vuldb.com/?id.281555 - Third Party Advisory, VDB Entry | |
References | https://vuldb.com/?submit.426417 - Third Party Advisory, VDB Entry | |
References | https://www.tenda.com.cn/ - Product | |
First Time | Tenda ac8 Firmware, Tenda ac10, Tenda ac8, Tenda ac7 Firmware, Tenda ac7, Tenda ac500, Tenda ac9, Tenda, Tenda ac9 Firmware, Tenda ac18, Tenda ac6, Tenda ac10 Firmware, Tenda ac15, Tenda ac1206, Tenda ac10u, Tenda ac1206 Firmware, Tenda ac500 Firmware, Tenda ac10u Firmware, Tenda ac15 Firmware, Tenda ac6 Firmware, Tenda ac18 Firmware |
CVSS | v2 : v3 : | v2 : 6.8, v3 : 7.5 |
23 Oct 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-23 14:15
Updated : 2024-11-01 14:03
NVD link : CVE-2024-10280
Mitre link : CVE-2024-10280
CVE.ORG link : CVE-2024-10280
Products Affected
tenda
- ac500
- ac6_firmware
- ac15_firmware
- ac500_firmware
- ac18_firmware
- ac8
- ac9_firmware
- ac1206_firmware
- ac15
- ac10u
- ac7
- ac1206
- ac6
- ac10_firmware
- ac8_firmware
- ac9
- ac18
- ac10u_firmware
- ac10
- ac7_firmware
CWE
CWE-476
NULL Pointer Dereference