PT-2024-1454 · Tenda · Tenda W9
Jylsec
·
Published
2024-01-14
·
Updated
2024-05-17
·
CVE-2024-0538
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tenda W9 version 1.0.0.7(4456)
Description
A critical vulnerability has been found in the function
formQosManage auto of the httpd component. The manipulation of the argument ssidIndex leads to a stack-based buffer overflow. This issue can be exploited remotely, allowing an attacker to potentially execute arbitrary code. The exploit has been disclosed publicly.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tenda W9