CVE-2024-45415

Name of the Vulnerable Software and Affected Versions: ZTE routers (affected versions not specified)

Description: The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the check data integrity function. This function is responsible for validating the checksum of data in post requests. The checksum is sent encrypted in the request, and the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can gain remote code execution (RCE) as root by exploiting this vulnerability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.