Fh451 Firmware
CVE-2024-12002
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (vuldb) · only source for this CVE.
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-404. A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Affected products include: Tenda Fh451 Firmware, Tenda Fh1201 Firmware, Tenda Fh1202 Firmware, Tenda Fh1206 Firmware. Version information: up to 20241129..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Fh451 Firmware
View allTenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i. Rated critical severity (CV
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function. Rated critical severity (CV
CVE-2025-7434 is a critical stack-based buffer overflow vulnerability in Tenda FH451 wireless routers (versions up to 1.
CVE-2025-7506 is a critical stack-based buffer overflow vulnerability in Tenda FH451 router firmware version 1.0.0.9, ex
CVE-2025-7505 is a critical stack-based buffer overflow vulnerability in Tenda FH451 v1.0.0.9 affecting the HTTP POST re
Buffer overflow in Tenda FH451 firmware versions up to 1.0.0.9 allows authenticated remote attackers to achieve code exe
Stack overflow in Tenda FH451 firmware's setcfm function allows authenticated remote attackers to achieve complete syste
Remote code execution in Tenda FH451 firmware via stack-based buffer overflow in the WAN configuration endpoint allows u
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function. Rated high severity (CVSS 7.
Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. Rated medium severity (
Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm. Rated medium severity (CVSS 6.5), t
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Rated high severity (CVSS 8.7), this vulne
Same weakness CWE-404 – Improper Resource Shutdown or Release
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today