Lucene search

K
vulnrichmentVulDBVULNRICHMENT:CVE-2024-11650
HistoryNov 25, 2024 - 2:00 a.m.

CVE-2024-11650 Tenda i9 GetIPTV websReadEvent null pointer dereference

2024-11-2502:00:15
CWE-476
CWE-404
VulDB
github.com
1
tenda i9
getiptv
websreadevent
null pointer dereference
remote attack
disclosure

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS4

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N

AI Score

7.2

Confidence

Low

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:tenda:i9_firmware:1.0.0.8\\(3828\\):*:*:*:*:*:*:*"
    ],
    "vendor": "tenda",
    "product": "i9_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0.8 (3828)"
      }
    ],
    "defaultStatus": "unknown"
  }
]

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS4

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N

AI Score

7.2

Confidence

Low

SSVC

Exploitation

poc

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2024-11650