CVE-2024-0540

Published: Jan 15, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. Affected is the function formOfflineSet of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Tenda: W9 Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda W9 Firmware	Version 1.0.0.7(4456)

Running on/with	Platform Versions
Tenda W9	All versions

Related CWEs

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://github.com/jylsec/vuldb/blob/main/Tenda/W9/5/README.md

Source: cna@vuldb.com

Broken LinkThird Party Advisory

https://vuldb.com/?ctiid.250710

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.250710

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://github.com/jylsec/vuldb/blob/main/Tenda/W9/5/README.md

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://vuldb.com/?ctiid.250710

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.250710

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party AdvisoryVDB Entry

Timeline

No history available yet.