CVE-2024-0536
A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.7(4456). Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250706 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-01-15T04:15:07.547
Last Modified: 2024-11-21T08:46:49.177
Status: Modified
Source: [email protected]
Severity: CVSSv3.1: 8.8 (HIGH)
CVSSv2 Vector
AV:N/AC:L/Au:S/C:C/I:C/A:C
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: SINGLE
- Confidentiality Impact: COMPLETE
- Integrity Impact: COMPLETE
- Availability Impact: COMPLETE
Exploitability Score: 8.0
Impact Score: 10.0
Weaknesses
- CWE-121 (Type: Secondary)
- CWE-787 (Type: Primary)
Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | tenda | w9_firmware | 1.0.0.7(4456) | Yes |
| Hardware | tenda | w9 | - | No |
References
- https://github.com/jylsec/vuldb/blob/main/Tenda/W9/1/README.md
  Broken Link, Third Party Advisory ([email protected])
- https://vuldb.com/?ctiid.250706
  Permissions Required, Third Party Advisory, VDB Entry ([email protected])
- https://vuldb.com/?id.250706
  Permissions Required, Third Party Advisory, VDB Entry ([email protected])
- https://github.com/jylsec/vuldb/blob/main/Tenda/W9/1/README.md
  Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
- https://vuldb.com/?ctiid.250706
  Permissions Required, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
- https://vuldb.com/?id.250706
  Permissions Required, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)