Common Weakness Enumeration

CWE-121

Allowed

Stack-based Buffer Overflow

Abstraction: Variant · Status: Draft

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

5214 vulnerabilities reference this CWE, most recent first.

CVE-2024-8224 (GCVE-0-2024-8224)

Vulnerability from cvelistv5 – Published: 2024-08-27 23:00 – Updated: 2024-08-28 15:18
VLAI
Title
Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.275933 vdb-entrytechnical-description
https://vuldb.com/?ctiid.275933 signaturepermissions-required
https://vuldb.com/?submit.393999 third-party-advisory
https://github.com/abcdefg-png/AHU-IoT-vulnerable… exploit
https://www.tenda.com.cn/ product
Impacted products
Vendor Product Version
Tenda G3 Affected: 15.11.0.20
Create a notification for this product.
tenda g3_firmware Affected: 15.11.0.20
    cpe:2.3:o:tenda:g3_firmware:15.11.0.20:*:*:*:*:*:*:*
Create a notification for this product.
Credits
wxhwxhwxh_tutu (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:g3_firmware:15.11.0.20:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "g3_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "15.11.0.20"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8224",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T15:17:51.613655Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T15:18:02.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "G3",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.11.0.20"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "wxhwxhwxh_tutu (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tenda G3 15.11.0.20 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion formSetDebugCfg der Datei /goform/setDebugCfg. Durch das Beeinflussen des Arguments enable/level/module mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-27T23:00:07.675Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-275933 | Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.275933"
        },
        {
          "name": "VDB-275933 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.275933"
        },
        {
          "name": "Submit #393999 | Tenda G3V3.0 V15.11.0.20 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.393999"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetDebugCfg.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-27T15:17:27.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-8224",
    "datePublished": "2024-08-27T23:00:07.675Z",
    "dateReserved": "2024-08-27T13:11:58.086Z",
    "dateUpdated": "2024-08-28T15:18:02.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7994 (GCVE-0-2024-7994)

Vulnerability from cvelistv5 – Published: 2024-10-16 21:47 – Updated: 2025-01-28 20:10
VLAI
Title
Stack-Based Buffer Overflow Vulnerability in Autodesk Revit
Summary
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk Revit Affected: 2025 , < 2025.3 (custom)
Affected: 2024 , < 2024.3 (custom)
Affected: 2023 , < 2023.1.6 (custom)
Affected: 2022 , < 2022.1.8 (custom)
Create a notification for this product.
autodesk revit Affected: 2024
Affected: 2025
    cpe:2.3:a:autodesk:revit:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:revit:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "revit",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2024"
              },
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7994",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-18T17:59:24.381901Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-18T18:01:01.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.3",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.3",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.6",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.8",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T20:10:30.617Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0017"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Stack-Based Buffer Overflow Vulnerability in Autodesk Revit",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7994",
    "datePublished": "2024-10-16T21:47:51.258Z",
    "dateReserved": "2024-08-19T21:37:10.490Z",
    "dateUpdated": "2025-01-28T20:10:30.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7992 (GCVE-0-2024-7992)

Vulnerability from cvelistv5 – Published: 2024-10-29 21:50 – Updated: 2025-08-26 18:24
VLAI
Title
Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability
Summary
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD LT Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk DWG TrueView Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
    cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk RealDWG Affected: 2025 , < 2025.1.1 (custom)
Affected: 2024 , < 2024.1.7 (custom)
    cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:realdwg:2024:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7992",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:27.431632Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:00:32.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:realdwg:2024:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "RealDWG",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.1",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWG file, when parsed\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T18:24:31.298Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7992",
    "datePublished": "2024-10-29T21:50:13.232Z",
    "dateReserved": "2024-08-19T21:37:08.684Z",
    "dateUpdated": "2025-08-26T18:24:31.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7909 (GCVE-0-2024-7909)

Vulnerability from cvelistv5 – Published: 2024-08-18 18:00 – Updated: 2024-08-21 18:16
VLAI
Title
TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow
Summary
A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.275035 vdb-entrytechnical-description
https://vuldb.com/?ctiid.275035 signaturepermissions-required
https://vuldb.com/?submit.388436 third-party-advisory
https://github.com/BeaCox/IoT_vuln/tree/main/toto… exploit
https://www.totolink.net/ product
Impacted products
Vendor Product Version
TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
Create a notification for this product.
totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
    cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*
Create a notification for this product.
Credits
BeaCox (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ex1200l_firmware",
            "vendor": "totolink",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.5u.6146_b20201023"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7909",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T17:47:52.964972Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-19T17:49:20.127Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EX1200L",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "9.3.5u.6146_B20201023"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "BeaCox (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In TOTOLINK EX1200L 9.3.5u.6146_B20201023 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion setLanguageCfg der Datei /www/cgi-bin/cstecgi.cgi. Mit der Manipulation des Arguments langType mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-21T18:16:05.783Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-275035 | TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.275035"
        },
        {
          "name": "VDB-275035 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.275035"
        },
        {
          "name": "Submit #388436 | TOTOLINK EX1200L V9.3.5u.6146_B20201023 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.388436"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setLanguageCfg_bof"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.totolink.net/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-17T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-19T14:44:33.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7909",
    "datePublished": "2024-08-18T18:00:07.558Z",
    "dateReserved": "2024-08-17T17:09:37.974Z",
    "dateUpdated": "2024-08-21T18:16:05.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7908 (GCVE-0-2024-7908)

Vulnerability from cvelistv5 – Published: 2024-08-18 17:00 – Updated: 2024-08-19 13:39
VLAI
Title
TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow
Summary
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.275034 vdb-entrytechnical-description
https://vuldb.com/?ctiid.275034 signaturepermissions-required
https://vuldb.com/?submit.388435 third-party-advisory
https://github.com/BeaCox/IoT_vuln/tree/main/toto… exploit
Impacted products
Vendor Product Version
TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
Create a notification for this product.
totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
    cpe:2.3:o:totolink:ex1200l_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
BeaCox (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:totolink:ex1200l_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ex1200l_firmware",
            "vendor": "totolink",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.5u.6146_b20201023"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7908",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T13:37:17.233476Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-19T13:39:15.433Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EX1200L",
          "vendor": "TOTOLINK",
          "versions": [
            {
              "status": "affected",
              "version": "9.3.5u.6146_B20201023"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "BeaCox (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in TOTOLINK EX1200L 9.3.5u.6146_B20201023 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion setDefResponse der Datei /www/cgi-bin/cstecgi.cgi. Dank Manipulation des Arguments IpAddress mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-18T17:00:05.376Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-275034 | TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.275034"
        },
        {
          "name": "VDB-275034 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.275034"
        },
        {
          "name": "Submit #388435 | TOTOLINK EX1200L V9.3.5u.6146_B20201023 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.388435"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setDefResponse_bof"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-17T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-17T19:14:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7908",
    "datePublished": "2024-08-18T17:00:05.376Z",
    "dateReserved": "2024-08-17T17:09:35.177Z",
    "dateUpdated": "2024-08-19T13:39:15.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7795 (GCVE-0-2024-7795)

Vulnerability from cvelistv5 – Published: 2024-08-21 16:02 – Updated: 2024-08-22 13:33
VLAI
Title
Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Summary
Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AppAuthenExchangeRandomNum BLE command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23384.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
Autel MaxiCharger AC Elite Business C50 Affected: 1.32.00
Create a notification for this product.
autel maxicharger_ac_elite_business_c50 Affected: 1.32.00
    cpe:2.3:a:autel:maxicharger_ac_elite_business_c50:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-08-20 19:41
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autel:maxicharger_ac_elite_business_c50:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "maxicharger_ac_elite_business_c50",
            "vendor": "autel",
            "versions": [
              {
                "status": "affected",
                "version": "1.32.00"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-22T13:30:19.807620Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-22T13:33:48.533Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "MaxiCharger AC Elite Business C50",
          "vendor": "Autel",
          "versions": [
            {
              "status": "affected",
              "version": "1.32.00"
            }
          ]
        }
      ],
      "dateAssigned": "2024-08-14T14:19:29.875Z",
      "datePublic": "2024-08-20T19:41:42.035Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the AppAuthenExchangeRandomNum BLE command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23384."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-21T16:02:35.051Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-1154",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1154/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Midnight Blue / PHP Hooligans"
      },
      "title": "Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-7795",
    "datePublished": "2024-08-21T16:02:35.051Z",
    "dateReserved": "2024-08-14T14:19:29.836Z",
    "dateUpdated": "2024-08-22T13:33:48.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7784 (GCVE-0-2024-7784)

Vulnerability from cvelistv5 – Published: 2024-09-10 05:14 – Updated: 2025-03-28 07:23
VLAI
Summary
During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Axis Communications AB AXIS OS Affected: 10.9.0 , < 10.12.246 (semver)
Affected: 11.0.0 , < 11.11.80 (semver)
Affected: 12.0.0 , < 12.0.40 (semver)
Create a notification for this product.
Axis Communications AB AXIS OS Affected: 11.11.0 , < 11.11.80 (semver)
Affected: 12.0.0 , < 12.0.47 (semver)
Create a notification for this product.
Axis Communications AB AXIS OS Affected: 10.10.0 , < 10.12.247 (semver)
Affected: 11.0.0 , < 11.11.85 (semver)
Affected: 12.0.0 , < 12.0.47 (semver)
Create a notification for this product.
Axis Communications AB AXIS OS Affected: 11.8.0 , < 11.11.85 (semver)
Affected: 12.0.0 , < 12.0.47 (semver)
Create a notification for this product.
axis axis_os Affected: 10.9 , < 11.11 (custom)
Affected: 10.10 , < 11.11 (custom)
Affected: 11.8 , < 11.11 (custom)
    cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*
Create a notification for this product.
axis axis_os Affected: 11.11
    cpe:2.3:o:axis:axis_os:11.11:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "axis_os",
            "vendor": "axis",
            "versions": [
              {
                "lessThan": "11.11",
                "status": "affected",
                "version": "10.9",
                "versionType": "custom"
              },
              {
                "lessThan": "11.11",
                "status": "affected",
                "version": "10.10",
                "versionType": "custom"
              },
              {
                "lessThan": "11.11",
                "status": "affected",
                "version": "11.8",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:axis:axis_os:11.11:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "axis_os",
            "vendor": "axis",
            "versions": [
              {
                "status": "affected",
                "version": "11.11"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T18:09:41.112495Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T18:28:46.063Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "ARTPEC 8"
          ],
          "product": "AXIS OS",
          "vendor": "Axis Communications AB",
          "versions": [
            {
              "lessThan": "10.12.246",
              "status": "affected",
              "version": "10.9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.11.80",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.0.40",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "i.MX8 QP"
          ],
          "product": "AXIS OS",
          "vendor": "Axis Communications AB",
          "versions": [
            {
              "lessThan": "11.11.80",
              "status": "affected",
              "version": "11.11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.0.47",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "i.MX6 SX",
            "i.MX6 ULL"
          ],
          "product": "AXIS OS",
          "vendor": "Axis Communications AB",
          "versions": [
            {
              "lessThan": "10.12.247",
              "status": "affected",
              "version": "10.10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.11.85",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.0.47",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "i.MX8M Mini",
            "i.MX8M Nano UL"
          ],
          "product": "AXIS OS",
          "vendor": "Axis Communications AB",
          "versions": [
            {
              "lessThan": "11.11.85",
              "status": "affected",
              "version": "11.8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.0.47",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
            }
          ],
          "value": "During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis\u0027 knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-28T07:23:28.450Z",
        "orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
        "shortName": "Axis"
      },
      "references": [
        {
          "url": "https://www.axis.com/dam/public/ba/5f/4e/cve-2024-7784-en-US-448998.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
    "assignerShortName": "Axis",
    "cveId": "CVE-2024-7784",
    "datePublished": "2024-09-10T05:14:33.855Z",
    "dateReserved": "2024-08-14T07:55:10.630Z",
    "dateUpdated": "2025-03-28T07:23:28.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7707 (GCVE-0-2024-7707)

Vulnerability from cvelistv5 – Published: 2024-08-13 00:00 – Updated: 2024-08-14 16:11
VLAI
Title
Tenda FH1206 HTTP POST Request SafeEmailFilter formSafeEmailFilter stack-based overflow
Summary
A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.274190 vdb-entrytechnical-description
https://vuldb.com/?ctiid.274190 signaturepermissions-required
https://vuldb.com/?submit.385670 third-party-advisory
https://github.com/VodkaVortex/IoT/blob/main/form… exploit
Impacted products
Vendor Product Version
Tenda FH1206 Affected: 02.03.01.35
Create a notification for this product.
tenda fh1206_firmware Affected: 02.03.01.35
    cpe:2.3:a:tenda:fh1206_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Yangshuangning (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:tenda:fh1206_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fh1206_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "02.03.01.35"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7707",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T16:02:09.859423Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T16:11:06.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "HTTP POST Request Handler"
          ],
          "product": "FH1206",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "02.03.01.35"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yangshuangning (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tenda FH1206 02.03.01.35 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion formSafeEmailFilter der Datei /goform/SafeEmailFilter der Komponente HTTP POST Request Handler. Durch Manipulation des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T00:00:07.511Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-274190 | Tenda FH1206 HTTP POST Request SafeEmailFilter formSafeEmailFilter stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.274190"
        },
        {
          "name": "VDB-274190 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.274190"
        },
        {
          "name": "Submit #385670 | Tenda FH1206 V02.03.01.35 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.385670"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/VodkaVortex/IoT/blob/main/formSafeEmailFilter.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-12T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-12T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-12T18:18:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda FH1206 HTTP POST Request SafeEmailFilter formSafeEmailFilter stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7707",
    "datePublished": "2024-08-13T00:00:07.511Z",
    "dateReserved": "2024-08-12T16:13:45.110Z",
    "dateUpdated": "2024-08-14T16:11:06.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7615 (GCVE-0-2024-7615)

Vulnerability from cvelistv5 – Published: 2024-08-08 22:31 – Updated: 2024-08-09 14:49
VLAI
Title
Tenda FH1206 fromSafeUrlFilter stack-based overflow
Summary
A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.273985 vdb-entrytechnical-description
https://vuldb.com/?ctiid.273985 signaturepermissions-required
https://vuldb.com/?submit.383693 third-party-advisory
https://github.com/BeaCox/IoT_vuln/tree/main/tend… exploit
Impacted products
Vendor Product Version
Tenda FH1206 Affected: 1.2.0.8
Create a notification for this product.
tenda fh1206_firmware Affected: 1.2.0.8\(8155\)
    cpe:2.3:o:tenda:fh1206_firmware:1.2.0.8\(8155\):*:*:*:*:*:*:*
Create a notification for this product.
Credits
BeaCox (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:fh1206_firmware:1.2.0.8\\(8155\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fh1206_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.2.0.8\\(8155\\)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7615",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T14:48:38.337744Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T14:49:47.340Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FH1206",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0.8"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "BeaCox (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tenda FH1206 1.2.0.8 wurde eine kritische Schwachstelle ausgemacht. Es geht um die Funktion fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. Durch Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-08T22:31:05.314Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-273985 | Tenda FH1206 fromSafeUrlFilter stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.273985"
        },
        {
          "name": "VDB-273985 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.273985"
        },
        {
          "name": "Submit #383693 | Tenda FH1206 1.2.0.8 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.383693"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/Safe_Client_or_Url_or_Mac_Filter_bof"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-08T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-08T16:33:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda FH1206 fromSafeUrlFilter stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7615",
    "datePublished": "2024-08-08T22:31:05.314Z",
    "dateReserved": "2024-08-08T14:28:37.978Z",
    "dateUpdated": "2024-08-09T14:49:47.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7614 (GCVE-0-2024-7614)

Vulnerability from cvelistv5 – Published: 2024-08-08 22:31 – Updated: 2024-08-15 17:19
VLAI
Title
Tenda FH1206 qossetting fromqossetting stack-based overflow
Summary
A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.273984 vdb-entrytechnical-description
https://vuldb.com/?ctiid.273984 signaturepermissions-required
https://vuldb.com/?submit.383692 third-party-advisory
https://github.com/BeaCox/IoT_vuln/tree/main/tend… exploit
Impacted products
Vendor Product Version
Tenda FH1206 Affected: 1.2.0.8(8155)
Create a notification for this product.
tenda fh1206_firmware Affected: 1.2.0.8(8155)
    cpe:2.3:o:tenda:fh1206_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
BeaCox (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:fh1206_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fh1206_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.2.0.8(8155)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7614",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T17:25:15.765728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T17:19:10.011Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FH1206",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0.8(8155)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "BeaCox (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine kritische Schwachstelle in Tenda FH1206 1.2.0.8(8155) ausgemacht. Betroffen hiervon ist die Funktion fromqossetting der Datei /goform/qossetting. Durch das Manipulieren des Arguments page mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-08T22:31:03.812Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-273984 | Tenda FH1206 qossetting fromqossetting stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.273984"
        },
        {
          "name": "VDB-273984 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.273984"
        },
        {
          "name": "Submit #383692 | Tenda FH1206 1.2.0.8 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.383692"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/BeaCox/IoT_vuln/tree/main/tenda/FH1206/qossetting_bof"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-08T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-08T16:33:44.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda FH1206 qossetting fromqossetting stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7614",
    "datePublished": "2024-08-08T22:31:03.812Z",
    "dateReserved": "2024-08-08T14:28:35.326Z",
    "dateUpdated": "2024-08-15T17:19:10.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.