A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
History

Mon, 25 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda i9 Firmware
CPEs cpe:2.3:o:tenda:i9_firmware:1.0.0.8\(3828\):*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda i9 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 25 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title Tenda i9 GetIPTV websReadEvent null pointer dereference
Weaknesses CWE-404
CWE-476
References
Metrics cvssV2_0

{'score': 6.8, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:C'}

cvssV3_0

{'score': 6.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-11-25T02:00:15.883Z

Updated: 2024-11-25T19:18:13.718Z

Reserved: 2024-11-24T15:03:41.995Z

Link: CVE-2024-11650

cve-icon Vulnrichment

Updated: 2024-11-25T19:13:53.392Z

cve-icon NVD

Status : Received

Published: 2024-11-25T03:15:06.707

Modified: 2024-11-25T03:15:06.707

Link: CVE-2024-11650

cve-icon Redhat

No data.