CVE-2024-46431

Published: Feb 10, 2025Modified: Mar 25, 2025

8.0

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.

Affected (1)

Products: Tenda: W18e Firmware

Tenda

1 product

W18e Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda W18e Firmware	Version 16.01.0.8(1625)

Running on/with	Platform Versions
Tenda W18e	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://reddassolutions.com/blog/tenda_w18e_security_research

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.