Common Weakness Enumeration

CWE-121

Allowed

Stack-based Buffer Overflow

Abstraction: Variant · Status: Draft

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

5213 vulnerabilities reference this CWE, most recent first.

CVE-2024-11048 (GCVE-0-2024-11048)

Vulnerability from cvelistv5 – Published: 2024-11-10 04:00 – Updated: 2024-11-12 15:46
VLAI
Title
D-Link DI-8003 dbsrv.asp dbsrv_asp stack-based overflow
Summary
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.283634 vdb-entrytechnical-description
https://vuldb.com/?ctiid.283634 signaturepermissions-required
https://vuldb.com/?submit.434936 third-party-advisory
https://github.com/theRaz0r/iot-mycve/blob/main/D… exploit
https://www.dlink.com/ product
Impacted products
Vendor Product Version
D-Link DI-8003 Affected: 16.07.16A1
Create a notification for this product.
d-link di-8003_firmware Affected: 16.07.16a1
    cpe:2.3:o:d-link:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*
Create a notification for this product.
Credits
theRaz0r (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:d-link:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "di-8003_firmware",
            "vendor": "d-link",
            "versions": [
              {
                "status": "affected",
                "version": "16.07.16a1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11048",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T15:44:15.502899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T15:46:02.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DI-8003",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "16.07.16A1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "theRaz0r (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in D-Link DI-8003 16.07.16A1 ausgemacht. Hierbei geht es um die Funktion dbsrv_asp der Datei /dbsrv.asp. Durch Beeinflussen des Arguments str mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-10T04:00:10.367Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-283634 | D-Link DI-8003 dbsrv.asp dbsrv_asp stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.283634"
        },
        {
          "name": "VDB-283634 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.283634"
        },
        {
          "name": "Submit #434936 | D-Link DI8003 16.07.16A1 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.434936"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink-DI8003-stackoverflow-dbsrv.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-11-09T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-11-09T09:13:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DI-8003 dbsrv.asp dbsrv_asp stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-11048",
    "datePublished": "2024-11-10T04:00:10.367Z",
    "dateReserved": "2024-11-09T08:08:36.541Z",
    "dateUpdated": "2024-11-12T15:46:02.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11047 (GCVE-0-2024-11047)

Vulnerability from cvelistv5 – Published: 2024-11-10 03:31 – Updated: 2024-11-12 15:46
VLAI
Title
D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp stack-based overflow
Summary
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.283633 vdb-entrytechnical-description
https://vuldb.com/?ctiid.283633 signaturepermissions-required
https://vuldb.com/?submit.434931 third-party-advisory
https://github.com/theRaz0r/iot-mycve/blob/main/D… exploit
https://www.dlink.com/ product
Impacted products
Vendor Product Version
D-Link DI-8003 Affected: 16.07.16A1
Create a notification for this product.
d-link di-8003_firmware Affected: 16.07.16a1
    cpe:2.3:o:d-link:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*
Create a notification for this product.
Credits
theRaz0r (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:d-link:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "di-8003_firmware",
            "vendor": "d-link",
            "versions": [
              {
                "status": "affected",
                "version": "16.07.16a1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11047",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T15:44:21.435500Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T15:46:48.981Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DI-8003",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "16.07.16A1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "theRaz0r (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "In D-Link DI-8003 16.07.16A1 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um die Funktion upgrade_filter_asp der Datei /upgrade_filter.asp. Durch das Beeinflussen des Arguments path mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-10T03:31:04.900Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-283633 | D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.283633"
        },
        {
          "name": "VDB-283633 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.283633"
        },
        {
          "name": "Submit #434931 | Dlink DI8003 16.07.16A1 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.434931"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink_DI8003_stackoverflow.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-11-09T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-11-09T09:13:43.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-11047",
    "datePublished": "2024-11-10T03:31:04.900Z",
    "dateReserved": "2024-11-09T08:08:34.041Z",
    "dateUpdated": "2024-11-12T15:46:48.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10918 (GCVE-0-2024-10918)

Vulnerability from cvelistv5 – Published: 2025-02-27 11:44 – Updated: 2025-11-03 20:36
VLAI
Title
Stack-based Buffer Overflow in libmodbus library
Summary
Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
libmodbus libmodbus Affected: 0 , ≤ 3.1.10 (semver)
Create a notification for this product.
Credits
Gabriele Quagliarella of Nozomi Networks found this bug during a security research activity.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10918",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T14:46:41.226453Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T14:46:51.404Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:36:25.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://libmodbus.org/",
          "defaultStatus": "unaffected",
          "modules": [
            "modbus"
          ],
          "product": "libmodbus",
          "programFiles": [
            "modbus.c"
          ],
          "programRoutines": [
            {
              "name": "modbus_reply"
            }
          ],
          "repo": "https://github.com/stephane/libmodbus",
          "vendor": "libmodbus",
          "versions": [
            {
              "lessThanOrEqual": "3.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gabriele Quagliarella of Nozomi Networks found this bug during a security research activity."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response \u003cspan style=\"background-color: var(--wht);\"\u003eif the function tries to reply to a Modbus request with an\nunexpected length\u003c/span\u003e."
            }
          ],
          "value": "Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an\nunexpected length."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T11:44:25.170Z",
        "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "shortName": "Nozomi"
      },
      "references": [
        {
          "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-10918"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To fix this issue, it\u0027s suggested to update libmodbus to v3.1.11"
            }
          ],
          "value": "To fix this issue, it\u0027s suggested to update libmodbus to v3.1.11"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Stack-based Buffer Overflow in libmodbus library",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
    "assignerShortName": "Nozomi",
    "cveId": "CVE-2024-10918",
    "datePublished": "2025-02-27T11:44:25.170Z",
    "dateReserved": "2024-11-06T09:29:36.151Z",
    "dateUpdated": "2025-11-03T20:36:25.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10698 (GCVE-0-2024-10698)

Vulnerability from cvelistv5 – Published: 2024-11-02 13:31 – Updated: 2024-11-05 15:20
VLAI
Title
Tenda AC6 SetOnlineDevName formSetDeviceName stack-based overflow
Summary
A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.282866 vdb-entrytechnical-description
https://vuldb.com/?ctiid.282866 signaturepermissions-required
https://vuldb.com/?submit.434935 third-party-advisory
https://github.com/theRaz0r/iot-mycve/blob/main/t… exploit
https://www.tenda.com.cn/ product
Impacted products
Vendor Product Version
Tenda AC6 Affected: 15.03.05.19
Create a notification for this product.
tenda ac6_firmware Affected: 15.03.05.19
    cpe:2.3:o:tenda:ac6_firmware:15.03.05.19:*:*:*:*:*:*:*
Create a notification for this product.
Credits
theRaz0r (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:ac6_firmware:15.03.05.19:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ac6_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "15.03.05.19"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10698",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-05T15:20:09.420551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:20:38.088Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AC6",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.03.05.19"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "theRaz0r (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tenda AC6 15.03.05.19 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion formSetDeviceName der Datei /goform/SetOnlineDevName. Dank Manipulation des Arguments devName mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-02T13:31:07.358Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-282866 | Tenda AC6 SetOnlineDevName formSetDeviceName stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.282866"
        },
        {
          "name": "VDB-282866 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.282866"
        },
        {
          "name": "Submit #434935 | Tenda AC6 V15.03.05.19 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.434935"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_stackflow_formSetDeviceName/tenda_ac6_stackflow_formSetDeviceName.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-11-01T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-11-01T18:06:51.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda AC6 SetOnlineDevName formSetDeviceName stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-10698",
    "datePublished": "2024-11-02T13:31:07.358Z",
    "dateReserved": "2024-11-01T17:01:44.965Z",
    "dateUpdated": "2024-11-05T15:20:38.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10662 (GCVE-0-2024-10662)

Vulnerability from cvelistv5 – Published: 2024-11-01 16:00 – Updated: 2024-11-05 15:25
VLAI
Title
Tenda AC15 SetOnlineDevName formSetDeviceName stack-based overflow
Summary
A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.282677 vdb-entrytechnical-description
https://vuldb.com/?ctiid.282677 signaturepermissions-required
https://vuldb.com/?submit.434933 third-party-advisory
https://github.com/theRaz0r/iot-mycve/blob/main/t… exploit
https://www.tenda.com.cn/ product
Impacted products
Vendor Product Version
Tenda AC15 Affected: 15.03.05.19
Create a notification for this product.
tenda ac15_firmware Affected: 15.03.05.19
    cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*
Create a notification for this product.
Credits
theRaz0r (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ac15_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "15.03.05.19"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10662",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-01T19:06:25.331828Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:25:38.625Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AC15",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.03.05.19"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "theRaz0r (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in Tenda AC15 15.03.05.19 gefunden. Dies betrifft die Funktion formSetDeviceName der Datei /goform/SetOnlineDevName. Durch Beeinflussen des Arguments devName mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-01T16:00:16.399Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-282677 | Tenda AC15 SetOnlineDevName formSetDeviceName stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.282677"
        },
        {
          "name": "VDB-282677 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.282677"
        },
        {
          "name": "Submit #434933 | Tenda AC15 V15.03.05.19 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.434933"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac15_stackflow_formSetDeviceName/tenda_ac15_stackflow_formSetDeviceName.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-11-01T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-11-01T10:18:55.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda AC15 SetOnlineDevName formSetDeviceName stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-10662",
    "datePublished": "2024-11-01T16:00:16.399Z",
    "dateReserved": "2024-11-01T09:13:49.387Z",
    "dateUpdated": "2024-11-05T15:25:38.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10661 (GCVE-0-2024-10661)

Vulnerability from cvelistv5 – Published: 2024-11-01 16:00 – Updated: 2024-11-05 15:26
VLAI
Title
Tenda AC15 SetDlnaCfg stack-based overflow
Summary
A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.282676 vdb-entrytechnical-description
https://vuldb.com/?ctiid.282676 signaturepermissions-required
https://vuldb.com/?submit.434932 third-party-advisory
https://github.com/theRaz0r/iot-mycve/blob/main/t… exploit
https://www.tenda.com.cn/ product
Impacted products
Vendor Product Version
Tenda AC15 Affected: 15.03.05.19
Create a notification for this product.
tenda ac15_firmware Affected: 15.03.05.19
    cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*
Create a notification for this product.
Credits
theRaz0r (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ac15_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "15.03.05.19"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10661",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-01T19:06:43.033160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:26:23.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AC15",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.03.05.19"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "theRaz0r (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "In Tenda AC15 15.03.05.19 wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion SetDlnaCfg der Datei /goform/SetDlnaCfg. Durch das Beeinflussen des Arguments scanList mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-01T16:00:13.148Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-282676 | Tenda AC15 SetDlnaCfg stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.282676"
        },
        {
          "name": "VDB-282676 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.282676"
        },
        {
          "name": "Submit #434932 | Tenda AC15 V15.03.05.19 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.434932"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac15_stackflow_formDLNAserver/tenda_ac15_stackflow_formDLNAserver.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-11-01T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-11-01T10:18:54.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda AC15 SetDlnaCfg stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-10661",
    "datePublished": "2024-11-01T16:00:13.148Z",
    "dateReserved": "2024-11-01T09:13:46.982Z",
    "dateUpdated": "2024-11-05T15:26:23.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10434 (GCVE-0-2024-10434)

Vulnerability from cvelistv5 – Published: 2024-10-28 00:31 – Updated: 2024-10-28 13:00
VLAI
Title
Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow
Summary
A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.281985 vdb-entrytechnical-description
https://vuldb.com/?ctiid.281985 signaturepermissions-required
https://vuldb.com/?submit.431291 third-party-advisory
https://github.com/physicszq/Routers/blob/main/Te… exploit
https://www.tenda.com.cn/ product
Impacted products
Vendor Product Version
Tenda AC1206 Affected: 20241027
Create a notification for this product.
tenda ac1206 Affected: 20241027
    cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
physicszq (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ac1206",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "20241027"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10434",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-28T12:59:43.912430Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T13:00:50.500Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AC1206",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "20241027"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "physicszq (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Tenda AC1206 bis 20241027 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 der Datei /goform/ate. Dank der Manipulation des Arguments arg mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-28T00:31:05.947Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-281985 | Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.281985"
        },
        {
          "name": "VDB-281985 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.281985"
        },
        {
          "name": "Submit #431291 | tenda tenda router   AC1206 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.431291"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/physicszq/Routers/blob/main/Tenda/README.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-10-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-10-27T08:26:44.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-10434",
    "datePublished": "2024-10-28T00:31:05.947Z",
    "dateReserved": "2024-10-27T07:21:32.313Z",
    "dateUpdated": "2024-10-28T13:00:50.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10351 (GCVE-0-2024-10351)

Vulnerability from cvelistv5 – Published: 2024-10-24 23:31 – Updated: 2024-10-25 20:50
VLAI
Title
Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow
Summary
A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.281699 vdb-entrytechnical-description
https://vuldb.com/?ctiid.281699 signaturepermissions-required
https://vuldb.com/?submit.427706 third-party-advisory
https://gitee.com/GXB0_0/iot-vul/blob/master/Tend… exploit
https://www.tenda.com.cn/ product
Impacted products
Vendor Product Version
Tenda RX9 Pro Affected: 22.03.02.20
Create a notification for this product.
tenda rx9_pro_firmware Affected: 22.03.02.20
    cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*
Create a notification for this product.
Credits
GuoXB (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rx9_pro_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "22.03.02.20"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T20:00:12.566902Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T20:50:14.294Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "POST Request Handler"
          ],
          "product": "RX9 Pro",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "22.03.02.20"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "GuoXB (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tenda RX9 Pro 22.03.02.20 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion sub_424CE0 der Datei /goform/setMacFilterCfg der Komponente POST Request Handler. Dank der Manipulation des Arguments deviceList mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-24T23:31:11.527Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-281699 | Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.281699"
        },
        {
          "name": "VDB-281699 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.281699"
        },
        {
          "name": "Submit #427706 | Tenda Rx9 Router RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.427706"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-24T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-10-24T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-10-24T17:39:44.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-10351",
    "datePublished": "2024-10-24T23:31:11.527Z",
    "dateReserved": "2024-10-24T15:34:29.365Z",
    "dateUpdated": "2024-10-25T20:50:14.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10283 (GCVE-0-2024-10283)

Vulnerability from cvelistv5 – Published: 2024-10-23 15:00 – Updated: 2024-10-23 17:33
VLAI
Title
Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.281558 vdb-entrytechnical-description
https://vuldb.com/?ctiid.281558 signaturepermissions-required
https://vuldb.com/?submit.427064 third-party-advisory
https://gitee.com/GXB0_0/iot-vul/blob/master/Tend… exploit
https://www.tenda.com.cn/ product
Impacted products
Vendor Product Version
Tenda RX9 Affected: 22.03.02.20
Create a notification for this product.
Tenda RX9 Pro Affected: 22.03.02.20
Create a notification for this product.
tenda rx9_pro Affected: 22.03.02.20
    cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
Create a notification for this product.
tenda rx9 Affected: 22.03.02.20
    cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
GuoXB (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rx9_pro",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "22.03.02.20"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rx9",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "22.03.02.20"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10283",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T17:30:46.351880Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T17:33:05.674Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RX9",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "22.03.02.20"
            }
          ]
        },
        {
          "product": "RX9 Pro",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "22.03.02.20"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "GuoXB (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in Tenda RX9 and RX9 Pro 22.03.02.20 entdeckt. Betroffen davon ist die Funktion sub_4337EC der Datei /goform/SetNetControlList. Mit der Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-23T15:00:12.454Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-281558 | Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.281558"
        },
        {
          "name": "VDB-281558 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.281558"
        },
        {
          "name": "Submit #427064 | Tenda RX9 Router RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.427064"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetNetControlList.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-23T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-10-23T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-10-23T08:12:57.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-10283",
    "datePublished": "2024-10-23T15:00:12.454Z",
    "dateReserved": "2024-10-23T06:07:52.411Z",
    "dateUpdated": "2024-10-23T17:33:05.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10282 (GCVE-0-2024-10282)

Vulnerability from cvelistv5 – Published: 2024-10-23 14:31 – Updated: 2024-10-23 17:51
VLAI
Title
Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow
Summary
A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.281557 vdb-entrytechnical-description
https://vuldb.com/?ctiid.281557 signaturepermissions-required
https://vuldb.com/?submit.427066 third-party-advisory
https://gitee.com/GXB0_0/iot-vul/blob/master/Tend… exploit
https://www.tenda.com.cn/ product
Impacted products
Vendor Product Version
Tenda RX9 Affected: 22.03.02.10
Affected: 22.03.02.20
Create a notification for this product.
Tenda RX9 Pro Affected: 22.03.02.10
Affected: 22.03.02.20
Create a notification for this product.
tenda rx9 Affected: 22.03.02.10
Affected: 22.03.02.20
    cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*
Create a notification for this product.
tenda rx9_pro Affected: 22.03.02.10
Affected: 22.03.02.20
    cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
GuoXB (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rx9",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "22.03.02.10"
              },
              {
                "status": "affected",
                "version": "22.03.02.20"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rx9_pro",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "22.03.02.10"
              },
              {
                "status": "affected",
                "version": "22.03.02.20"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10282",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T17:50:18.481537Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T17:51:56.577Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RX9",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "22.03.02.10"
            },
            {
              "status": "affected",
              "version": "22.03.02.20"
            }
          ]
        },
        {
          "product": "RX9 Pro",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "22.03.02.10"
            },
            {
              "status": "affected",
              "version": "22.03.02.20"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "GuoXB (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "In Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion sub_42EA38 der Datei /goform/SetVirtualServerCfg. Dank Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-23T14:31:24.051Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-281557 | Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.281557"
        },
        {
          "name": "VDB-281557 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.281557"
        },
        {
          "name": "Submit #427066 | Tenda RX9 Router RX9 Pro Firmware V22.03.02.10\u3001RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.427066"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-23T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-10-23T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-10-23T08:12:46.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-10282",
    "datePublished": "2024-10-23T14:31:24.051Z",
    "dateReserved": "2024-10-23T06:07:37.708Z",
    "dateUpdated": "2024-10-23T17:51:56.577Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.