PT-2024-31616 · Zte · Zte Routers

Wr3Nchsr · Published 2024-09-16 · Updated 2024-09-20 · CVE-2024-45413

CVSS v3.1: 8.1 High
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ZTE routers (affected versions not specified)
Description: The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the rsa decrypt function. This function is an API wrapper that lets Lua decrypt RSA-encrypted ciphertext, and it stores the decrypted data on the stack without checking its length. An authenticated attacker can exploit this vulnerability to get remote code execution (RCE) as root.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
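
The missing check named in the description, as an added C example that is not ZTE's code and not part of the original advisory: a decrypt wrapper that strips padding and refuses to copy a plaintext longer than the caller's buffer. The PKCS#1 v1.5 padding, the 256-byte block, the 64-byte buffer and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OUT_CAP 64   /* hypothetical size of the caller's stack buffer */

/* Strip PKCS#1 v1.5 encryption padding (00 02 PS 00 M) from a block that the
 * RSA private-key operation has already produced, and copy M into out only
 * if it fits. Returns the message length, or -1 on bad padding or overflow.
 * Illustration only: this parser is not constant-time. */
int unpad_checked(const uint8_t *em, size_t em_len, uint8_t *out, size_t out_cap)
{
    if (em_len < 11 || em[0] != 0x00 || em[1] != 0x02)
        return -1;
    size_t i = 2;
    while (i < em_len && em[i] != 0x00)   /* skip the non-zero padding bytes */
        i++;
    if (i == em_len || i < 10)            /* no separator, or PS shorter than 8 */
        return -1;
    size_t msg_len = em_len - (i + 1);
    /* The unsafe form copies msg_len bytes with no test at this point, although
     * msg_len is set by whoever produced the ciphertext, not by the callee. */
    if (msg_len > out_cap)
        return -1;
    memcpy(out, em + i + 1, msg_len);
    return (int)msg_len;
}

/* Constructed sample: a 256-byte block (RSA-2048 size) carrying msg_len bytes. */
int demo(size_t msg_len)
{
    uint8_t em[256], out[OUT_CAP];
    if (msg_len > sizeof em - 11)
        return -1;
    memset(em, 0xAA, sizeof em);
    em[0] = 0x00; em[1] = 0x02;
    em[sizeof em - msg_len - 1] = 0x00;   /* separator before the message */
    memset(em + sizeof em - msg_len, 'A', msg_len);
    return unpad_checked(em, sizeof em, out, sizeof out);
}

int main(void)
{
    printf("%d %d %d\n", demo(16), demo(64), demo(65));
    return 0;
}
```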

Stack Overflow

Weakness Enumeration

Related Identifiers: CVE-2024-45413

Affected Products: Zte Routers