PT-2024-4572 · Tenda · Tenda Ax1806

Wxhwxhwxh_Mie

Published

2024-04-26

Updated

2024-06-04

CVE-2024-4238

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1

Description: A critical issue has been found in the function formSetDeviceName of the file /goform/SetOnlineDevName, which is related to a stack-based buffer overflow. The manipulation of the argument devName can lead to this issue. The attack can be launched remotely.

Recommendations: For Tenda AX1806 version 1.0.0.1, as a temporary workaround, consider disabling the formSetDeviceName function until a patch is available. Restrict access to the /goform/SetOnlineDevName file to minimize the risk of exploitation. Avoid using the argument devName in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

BDU:2024-05078

CVE-2024-4238

Affected Products

Tenda Ax1806

PT-2024-4572 · Tenda · Tenda Ax1806

CVE-2024-4238

Weakness Enumeration

Related Identifiers

Affected Products

References · 11