PT-2024-24505 · Tenda · Tenda Ac10

Published

2024-04-17

Updated

2025-03-17

CVE-2024-32317

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions Tenda AC10 v4.0 V16.03.10.13 Tenda AC10 v4.0 V16.03.10.20

Description The issue is a stack overflow vulnerability. It occurs via the adslPwd parameter in the formWanParameterSetting function.

Recommendations For Tenda AC10 v4.0 V16.03.10.13, avoid using the adslPwd parameter in the formWanParameterSetting function until a patch is available. For Tenda AC10 v4.0 V16.03.10.20, avoid using the adslPwd parameter in the formWanParameterSetting function until a patch is available. As a temporary workaround, consider disabling the formWanParameterSetting function until a patch is available.

Exploit

Fix

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121

Related Identifiers

CVE-2024-32317

Affected Products

Tenda Ac10

PT-2024-24505 · Tenda · Tenda Ac10

CVE-2024-32317

Weakness Enumeration

Related Identifiers

Affected Products

References · 6