| Title | Tenda AC8v4 V16.03.34.06 NULL Pointer Dereference |
|---|
| Description | A vulnerability has been identified in Tenda AC8v4 firmware version V16.03.34.06. The issue resides within the websReadEvent function, where the strlen function is invoked with a null pointer. This improper handling results in a segmentation fault due to the internal dereference of the null pointer. The vulnerability is exploitable remotely, and an exploit has been publicly disclosed, allowing potential attackers to leverage this flaw. |
|---|
| Source | ⚠️ https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md |
|---|
| User | minipython (UID 75988) |
|---|
| Submission | 10/18/2024 15:15 (2 years ago) |
|---|
| Moderation | 10/23/2024 08:02 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 281555 [Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 up to 20241022 /goform/GetIPTV websReadEvent Content-Length null pointer dereference] |
|---|
| Points | 20 |
|---|