CVE-2024-10280

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md Third Party Advisory
https://vuldb.com/?ctiid.281555 Permissions Required VDB Entry
https://vuldb.com/?id.281555 Third Party Advisory VDB Entry
https://vuldb.com/?submit.426417 Third Party Advisory VDB Entry
https://www.tenda.com.cn/ Product
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\(1307\):*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:tenda:ac9_firmware:15.03.2.13:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.05.14:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:1.0:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:tenda:ac9_firmware:15.03.06.42:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
OR cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.10.20:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:tenda:ac10_firmware:16.03.48.19:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.48.23:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10:5.0:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
OR cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*

History

01 Nov 2024, 14:03

Type Values Removed Values Added
CPE cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.10.20:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.06.42:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\(1307\):*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.48.19:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac500:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10:5.0:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac9:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.2.13:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.48.23:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac9_firmware:15.03.05.14:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*
Summary
  • (es) Se ha detectado una vulnerabilidad en Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 y AC1206 hasta 20241022. Se ha calificado como problemática. Este problema afecta a la función websReadEvent del archivo /goform/GetIPTV. La manipulación del argumento Content-Length provoca la desreferenciación de puntero nulo. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse.
References () https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md - () https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md - Third Party Advisory
References () https://vuldb.com/?ctiid.281555 - () https://vuldb.com/?ctiid.281555 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.281555 - () https://vuldb.com/?id.281555 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.426417 - () https://vuldb.com/?submit.426417 - Third Party Advisory, VDB Entry
References () https://www.tenda.com.cn/ - () https://www.tenda.com.cn/ - Product
First Time Tenda ac8 Firmware
Tenda ac10
Tenda ac8
Tenda ac7 Firmware
Tenda ac7
Tenda ac500
Tenda ac9
Tenda
Tenda ac9 Firmware
Tenda ac18
Tenda ac6
Tenda ac10 Firmware
Tenda ac15
Tenda ac1206
Tenda ac10u
Tenda ac1206 Firmware
Tenda ac500 Firmware
Tenda ac10u Firmware
Tenda ac15 Firmware
Tenda ac6 Firmware
Tenda ac18 Firmware
CVSS v2 : 6.8
v3 : 6.5
v2 : 6.8
v3 : 7.5

23 Oct 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-23 14:15

Updated : 2024-11-01 14:03


NVD link : CVE-2024-10280

Mitre link : CVE-2024-10280

CVE.ORG link : CVE-2024-10280


JSON object : View

Products Affected

tenda

  • ac500
  • ac6_firmware
  • ac15_firmware
  • ac500_firmware
  • ac18_firmware
  • ac8
  • ac9_firmware
  • ac1206_firmware
  • ac15
  • ac10u
  • ac7
  • ac1206
  • ac6
  • ac10_firmware
  • ac8_firmware
  • ac9
  • ac18
  • ac10u_firmware
  • ac10
  • ac7_firmware
CWE
CWE-476

NULL Pointer Dereference