Common Weakness Enumeration

CWE-121

Allowed

Stack-based Buffer Overflow

Abstraction: Variant · Status: Draft

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

5215 vulnerabilities reference this CWE, most recent first.

CVE-2024-7151 (GCVE-0-2024-7151)

Vulnerability from cvelistv5 – Published: 2024-07-27 20:00 – Updated: 2024-08-01 21:52
VLAI
Title
Tenda O3 setMacFilter fromMacFilterSet stack-based overflow
Summary
A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.272554 vdb-entrytechnical-description
https://vuldb.com/?ctiid.272554 signaturepermissions-required
https://vuldb.com/?submit.377040 third-party-advisory
https://github.com/noahze01/IoT-vulnerable/blob/m… exploit
Impacted products
Vendor Product Version
Tenda O3 Affected: 1.0.0.10(2478)
Create a notification for this product.
tenda o3v2_firmware Affected: 1.0.0.10
    cpe:2.3:o:tenda:o3v2_firmware:1.0.0.10:*:*:*:*:*:*:*
Create a notification for this product.
Credits
noahze (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:o3v2_firmware:1.0.0.10:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "o3v2_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.10"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7151",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-28T10:59:04.716252Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-28T10:59:48.643Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:52:30.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272554 | Tenda O3 setMacFilter fromMacFilterSet stack-based overflow",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272554"
          },
          {
            "name": "VDB-272554 | CTI Indicators (IOB, IOC, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272554"
          },
          {
            "name": "Submit #377040 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.377040"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/fromMacFilterSet.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "O3",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.10(2478)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "noahze (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tenda O3 1.0.0.10(2478) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion fromMacFilterSet der Datei /goform/setMacFilter. Durch das Manipulieren des Arguments remark mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-27T20:00:05.233Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272554 | Tenda O3 setMacFilter fromMacFilterSet stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272554"
        },
        {
          "name": "VDB-272554 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272554"
        },
        {
          "name": "Submit #377040 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.377040"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/fromMacFilterSet.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-27T07:51:39.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda O3 setMacFilter fromMacFilterSet stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7151",
    "datePublished": "2024-07-27T20:00:05.233Z",
    "dateReserved": "2024-07-27T05:46:26.985Z",
    "dateUpdated": "2024-08-01T21:52:30.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7013 (GCVE-0-2024-7013)

Vulnerability from cvelistv5 – Published: 2024-08-21 05:56 – Updated: 2024-08-21 13:31
VLAI
Summary
Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Impacted products
Vendor Product Version
Panasonic Holdings Corporation Control FPWIN Pro Affected: 0 , ≤ 7.7.2.0 (custom)
Create a notification for this product.
panasonic control_fpwin_pro Affected: 0 , ≤ 7.7.2.0 (custom)
    cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Michael Heinzl
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:panasonic:control_fpwin_pro:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "control_fpwin_pro",
            "vendor": "panasonic",
            "versions": [
              {
                "lessThanOrEqual": "7.7.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T13:29:39.833125Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T13:31:43.197Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Control FPWIN Pro",
          "vendor": "Panasonic Holdings Corporation",
          "versions": [
            {
              "lessThanOrEqual": "7.7.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Michael Heinzl"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eStack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.\u003c/span\u003e"
            }
          ],
          "value": "Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-21T05:56:06.650Z",
        "orgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
        "shortName": "Panasonic_Holdings_Corporation"
      },
      "references": [
        {
          "url": "https://industry.panasonic.eu/products/automation-devices-solutions/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
        },
        {
          "url": "https://industry.panasonic.com/jp/ja/products/fasys/plc/software/fpwinpro7"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2163caeb-3942-4e93-a74b-8c75338146ce",
    "assignerShortName": "Panasonic_Holdings_Corporation",
    "cveId": "CVE-2024-7013",
    "datePublished": "2024-08-21T05:56:06.650Z",
    "dateReserved": "2024-07-23T05:52:23.140Z",
    "dateUpdated": "2024-08-21T13:31:43.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6965 (GCVE-0-2024-6965)

Vulnerability from cvelistv5 – Published: 2024-07-22 01:31 – Updated: 2024-08-01 21:45
VLAI
Title
Tenda O3 fromVirtualSet stack-based overflow
Summary
A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272119. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.272119 vdb-entrytechnical-description
https://vuldb.com/?ctiid.272119 signaturepermissions-required
https://vuldb.com/?submit.374586 third-party-advisory
https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
Impacted products
Vendor Product Version
Tenda O3 Affected: 1.0.0.10
Create a notification for this product.
tenda o3v2 Affected: 1.0.0.10
    cpe:2.3:h:tenda:o3v2:1.0.0.10:*:*:*:*:*:*:*
Create a notification for this product.
tenda o3v2_firmware Affected: 1.0.0.10
    cpe:2.3:o:tenda:o3v2_firmware:1.0.0.10:*:*:*:*:*:*:*
Create a notification for this product.
Credits
yhryhryhr_tu (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:tenda:o3v2:1.0.0.10:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "o3v2",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.10"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:tenda:o3v2_firmware:1.0.0.10:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "o3v2_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.10"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6965",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-22T10:56:26.180564Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T14:47:49.168Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:45:38.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272119 | Tenda O3 fromVirtualSet stack-based overflow",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272119"
          },
          {
            "name": "VDB-272119 | CTI Indicators (IOB, IOC, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272119"
          },
          {
            "name": "Submit #374586 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.374586"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/fromVirtualSet.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "O3",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yhryhryhr_tu (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272119. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tenda O3 1.0.0.10 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion fromVirtualSet. Dank Manipulation des Arguments ip/localPort/publicPort/app mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-22T01:31:04.351Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272119 | Tenda O3 fromVirtualSet stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272119"
        },
        {
          "name": "VDB-272119 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272119"
        },
        {
          "name": "Submit #374586 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.374586"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/fromVirtualSet.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-21T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-21T15:32:44.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda O3 fromVirtualSet stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6965",
    "datePublished": "2024-07-22T01:31:04.351Z",
    "dateReserved": "2024-07-21T13:27:33.680Z",
    "dateUpdated": "2024-08-01T21:45:38.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6964 (GCVE-0-2024-6964)

Vulnerability from cvelistv5 – Published: 2024-07-22 01:00 – Updated: 2024-08-01 21:45
VLAI
Title
Tenda O3 fromDhcpSetSer stack-based overflow
Summary
A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272118 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.272118 vdb-entrytechnical-description
https://vuldb.com/?ctiid.272118 signaturepermissions-required
https://vuldb.com/?submit.374585 third-party-advisory
https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
Impacted products
Vendor Product Version
Tenda O3 Affected: 1.0.0.10
Create a notification for this product.
tenda 03v2.0_firmware Affected: 1.0.0.10
    cpe:2.3:o:tenda:03v2.0_firmware:1.0.0.10:*:*:*:*:*:*:*
Create a notification for this product.
Credits
yhryhryhr_tu (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:03v2.0_firmware:1.0.0.10:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "03v2.0_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.10"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6964",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-24T16:59:47.282905Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T17:03:03.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:45:38.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272118 | Tenda O3 fromDhcpSetSer stack-based overflow",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272118"
          },
          {
            "name": "VDB-272118 | CTI Indicators (IOB, IOC, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272118"
          },
          {
            "name": "Submit #374585 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.374585"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/fromDhcpSetSer.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "O3",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yhryhryhr_tu (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272118 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Tenda O3 1.0.0.10 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion fromDhcpSetSer. Dank der Manipulation des Arguments dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-22T01:00:06.939Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272118 | Tenda O3 fromDhcpSetSer stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272118"
        },
        {
          "name": "VDB-272118 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272118"
        },
        {
          "name": "Submit #374585 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.374585"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/fromDhcpSetSer.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-21T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-21T15:32:43.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda O3 fromDhcpSetSer stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6964",
    "datePublished": "2024-07-22T01:00:06.939Z",
    "dateReserved": "2024-07-21T13:27:31.066Z",
    "dateUpdated": "2024-08-01T21:45:38.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6963 (GCVE-0-2024-6963)

Vulnerability from cvelistv5 – Published: 2024-07-22 00:00 – Updated: 2024-08-01 21:45
VLAI
Title
Tenda O3 formexeCommand stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.272117 vdb-entrytechnical-description
https://vuldb.com/?ctiid.272117 signaturepermissions-required
https://vuldb.com/?submit.374584 third-party-advisory
https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
Impacted products
Vendor Product Version
Tenda O3 Affected: 1.0.0.10
Create a notification for this product.
tenda o3v2_firmware Affected: 1.0.0.10
    cpe:2.3:o:tenda:o3v2_firmware:1.0.0.10:*:*:*:*:*:*:*
Create a notification for this product.
Credits
yhryhryhr_tu (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:o3v2_firmware:1.0.0.10:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "o3v2_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.10"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6963",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T14:34:44.883901Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T18:41:26.985Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:45:38.332Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272117 | Tenda O3 formexeCommand stack-based overflow",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272117"
          },
          {
            "name": "VDB-272117 | CTI Indicators (IOB, IOC, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272117"
          },
          {
            "name": "Submit #374584 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.374584"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "O3",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yhryhryhr_tu (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Tenda O3 1.0.0.10 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion formexeCommand. Durch Beeinflussen des Arguments cmdinput mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-22T00:00:07.045Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272117 | Tenda O3 formexeCommand stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272117"
        },
        {
          "name": "VDB-272117 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272117"
        },
        {
          "name": "Submit #374584 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.374584"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-21T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-21T15:32:41.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda O3 formexeCommand stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6963",
    "datePublished": "2024-07-22T00:00:07.045Z",
    "dateReserved": "2024-07-21T13:27:27.894Z",
    "dateUpdated": "2024-08-01T21:45:38.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6962 (GCVE-0-2024-6962)

Vulnerability from cvelistv5 – Published: 2024-07-21 23:31 – Updated: 2024-08-01 21:45
VLAI
Title
Tenda O3 formQosSet stack-based overflow
Summary
A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272116. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.272116 vdb-entrytechnical-description
https://vuldb.com/?ctiid.272116 signaturepermissions-required
https://vuldb.com/?submit.374583 third-party-advisory
https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
Impacted products
Vendor Product Version
Tenda O3 Affected: 1.0.0.10
Create a notification for this product.
tenda o3v2 Affected: 1.0.0.10
    cpe:2.3:h:tenda:o3v2:1.0.0.10:*:*:*:*:*:*:*
Create a notification for this product.
Credits
yhryhryhr_tu (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:tenda:o3v2:1.0.0.10:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "o3v2",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.10"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6962",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-22T16:53:25.462408Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-22T16:58:20.539Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:45:38.401Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-272116 | Tenda O3 formQosSet stack-based overflow",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.272116"
          },
          {
            "name": "VDB-272116 | CTI Indicators (IOB, IOC, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.272116"
          },
          {
            "name": "Submit #374583 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.374583"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formQosSet.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "O3",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "yhryhryhr_tu (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272116. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tenda O3 1.0.0.10 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft die Funktion formQosSet. Durch das Beeinflussen des Arguments remark/ipRange/upSpeed/downSpeed/enable mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-21T23:31:04.452Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-272116 | Tenda O3 formQosSet stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.272116"
        },
        {
          "name": "VDB-272116 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.272116"
        },
        {
          "name": "Submit #374583 | Tenda O3V2.0 V1.0.0.10(2478) Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.374583"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formQosSet.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-07-21T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-07-21T15:32:40.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda O3 formQosSet stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6962",
    "datePublished": "2024-07-21T23:31:04.452Z",
    "dateReserved": "2024-07-21T13:27:25.259Z",
    "dateUpdated": "2024-08-01T21:45:38.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6744 (GCVE-0-2024-6744)

Vulnerability from cvelistv5 – Published: 2024-07-15 06:32 – Updated: 2024-08-01 21:41
VLAI
Summary
The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Cellopoint Secure Email Gateway Affected: all , ≤ 4.5.0 (custom)
Create a notification for this product.
cellopoint secure_email_gateway Affected: 0 , < 4.5.0 (custom)
    cpe:2.3:a:cellopoint:secure_email_gateway:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-07-15 06:24
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cellopoint:secure_email_gateway:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_email_gateway",
            "vendor": "cellopoint",
            "versions": [
              {
                "lessThan": "4.5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6744",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-15T12:27:09.902764Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-15T12:32:57.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:41:04.572Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-7936-f6381-1.html"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/en/cp-139-7937-acbb5-2.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Secure Email Gateway",
          "vendor": "Cellopoint",
          "versions": [
            {
              "lessThanOrEqual": "4.5.0",
              "status": "affected",
              "version": "all",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-07-15T06:24:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server."
            }
          ],
          "value": "The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-15T06:34:38.461Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-7936-f6381-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-7937-acbb5-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInstall the patch Build_20240529 or later\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Install the patch Build_20240529 or later"
        }
      ],
      "source": {
        "advisory": "TVN-202407010",
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2024-6744",
    "datePublished": "2024-07-15T06:32:21.616Z",
    "dateReserved": "2024-07-15T05:39:38.800Z",
    "dateUpdated": "2024-08-01T21:41:04.572Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6403 (GCVE-0-2024-6403)

Vulnerability from cvelistv5 – Published: 2024-06-28 17:00 – Updated: 2024-08-01 21:41
VLAI
Title
Tenda A301 SetOnlineDevName formWifiBasicSet stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269948. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.269948 vdb-entrytechnical-description
https://vuldb.com/?ctiid.269948 signaturepermissions-required
https://vuldb.com/?submit.360752 third-party-advisory
https://github.com/General-Offensive/iot_vuldb/bl… exploit
Impacted products
Vendor Product Version
Tenda A301 Affected: 15.13.08.12
Create a notification for this product.
tenda a301_firmware Affected: 15.13.08.12
    cpe:2.3:o:tenda:a301_firmware:15.13.08.12:*:*:*:*:*:*:*
Create a notification for this product.
Credits
C9Y_57 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:a301_firmware:15.13.08.12:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "a301_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "15.13.08.12"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6403",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T19:38:09.935913Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T20:33:19.325Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:41:03.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-269948 | Tenda A301 SetOnlineDevName formWifiBasicSet stack-based overflow",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.269948"
          },
          {
            "name": "VDB-269948 | CTI Indicators (IOB, IOC, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.269948"
          },
          {
            "name": "Submit #360752 | Tenda A301V2.0 A301V2.0 Firmware V15.13.08.12 Buffer Overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.360752"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/General-Offensive/iot_vuldb/blob/main/Tenda/A301/formSetDeviceName_devName.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "A301",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.13.08.12"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "C9Y_57 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269948. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in Tenda A301 15.13.08.12 entdeckt. Betroffen davon ist die Funktion formWifiBasicSet der Datei /goform/SetOnlineDevName. Durch Manipulieren des Arguments devName mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-28T17:00:07.083Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-269948 | Tenda A301 SetOnlineDevName formWifiBasicSet stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.269948"
        },
        {
          "name": "VDB-269948 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.269948"
        },
        {
          "name": "Submit #360752 | Tenda A301V2.0 A301V2.0 Firmware V15.13.08.12 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.360752"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/General-Offensive/iot_vuldb/blob/main/Tenda/A301/formSetDeviceName_devName.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-06-28T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-06-28T14:19:50.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda A301 SetOnlineDevName formWifiBasicSet stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6403",
    "datePublished": "2024-06-28T17:00:07.083Z",
    "dateReserved": "2024-06-28T12:14:41.333Z",
    "dateUpdated": "2024-08-01T21:41:03.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6402 (GCVE-0-2024-6402)

Vulnerability from cvelistv5 – Published: 2024-06-28 17:00 – Updated: 2024-08-01 21:41
VLAI
Title
Tenda A301 SetOnlineDevName fromSetWirelessRepeat stack-based overflow
Summary
A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269947. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
URL Tags
https://vuldb.com/?id.269947 vdb-entrytechnical-description
https://vuldb.com/?ctiid.269947 signaturepermissions-required
https://vuldb.com/?submit.360696 third-party-advisory
https://github.com/General-Offensive/iot_vuldb/bl… exploit
Impacted products
Vendor Product Version
Tenda A301 Affected: 15.13.08.12
Create a notification for this product.
tenda a301_firmware Affected: 15.13.08.12
    cpe:2.3:o:tenda:a301_firmware:15.13.08.12:*:*:*:*:*:*:*
Create a notification for this product.
Credits
dexter_zg (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:a301_firmware:15.13.08.12:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "a301_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "15.13.08.12"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6402",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T19:29:21.840575Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T19:30:25.108Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:41:03.185Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-269947 | Tenda A301 SetOnlineDevName fromSetWirelessRepeat stack-based overflow",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.269947"
          },
          {
            "name": "VDB-269947 | CTI Indicators (IOB, IOC, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.269947"
          },
          {
            "name": "Submit #360696 | Tenda A301V2.0 Firmware V15.13.08.12 buffer overflow",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.360696"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/General-Offensive/iot_vuldb/blob/main/Tenda/A301/formSetDeviceName_devName.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "A301",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.13.08.12"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "dexter_zg (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269947. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Tenda A301 15.13.08.12 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion fromSetWirelessRepeat der Datei /goform/SetOnlineDevName. Durch das Manipulieren des Arguments devName mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-28T17:00:05.443Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-269947 | Tenda A301 SetOnlineDevName fromSetWirelessRepeat stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.269947"
        },
        {
          "name": "VDB-269947 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.269947"
        },
        {
          "name": "Submit #360696 | Tenda A301V2.0 Firmware V15.13.08.12 buffer overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.360696"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/General-Offensive/iot_vuldb/blob/main/Tenda/A301/formSetDeviceName_devName.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-06-28T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-06-28T14:19:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda A301 SetOnlineDevName fromSetWirelessRepeat stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6402",
    "datePublished": "2024-06-28T17:00:05.443Z",
    "dateReserved": "2024-06-28T12:14:38.593Z",
    "dateUpdated": "2024-08-01T21:41:03.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6249 (GCVE-0-2024-6249)

Vulnerability from cvelistv5 – Published: 2024-11-22 20:05 – Updated: 2024-12-04 21:35
VLAI
Title
Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Summary
Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TUTK P2P library. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22419.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
Wyze Cam v3 Affected: 4.36.11.7071
Create a notification for this product.
wyze cam_v3_firmware Affected: 4.36.11.7071
    cpe:2.3:o:wyze:cam_v3_firmware:4.36.11.7071:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-06-21 20:26
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:wyze:cam_v3_firmware:4.36.11.7071:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cam_v3_firmware",
            "vendor": "wyze",
            "versions": [
              {
                "status": "affected",
                "version": "4.36.11.7071"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T15:16:08.116330Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T21:35:15.193Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cam v3",
          "vendor": "Wyze",
          "versions": [
            {
              "status": "affected",
              "version": "4.36.11.7071"
            }
          ]
        }
      ],
      "dateAssigned": "2024-06-21T14:52:37.903Z",
      "datePublic": "2024-06-21T20:26:34.095Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the TUTK P2P library. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22419."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-22T20:05:46.118Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-840",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-840/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://forums.wyze.com/t/security-advisory/289256"
        }
      ],
      "source": {
        "lang": "en",
        "value": "STEALIEN Inc. (Dohyun Kim, Sejun Oh, Hyeong Il Moon, Wonuk Bae, Jaehoon Jang, Bongeun Koo, Sungjun Park, Kitae Park, Wonbeen Im)"
      },
      "title": "Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-6249",
    "datePublished": "2024-11-22T20:05:46.118Z",
    "dateReserved": "2024-06-21T14:52:37.912Z",
    "dateUpdated": "2024-12-04T21:35:15.193Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.