PT-2024-6159 · Tenda · Tenda O6
Yhryhryhr_Miemie
·
Published
2024-08-27
·
Updated
2024-08-31
·
CVE-2024-8229
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tenda O6 version 1.0.0.7(2054)
Description
The issue is related to a stack-based buffer overflow in the
frommacFilterModify function of the /goform/operateMacFilter file. This can be exploited by manipulating the mac argument, allowing a remote attacker to execute arbitrary code or cause a denial of service.Recommendations
For Tenda O6 version 1.0.0.7(2054), as a temporary workaround, consider disabling the
frommacFilterModify function until a patch is available. Restrict access to the /goform/operateMacFilter file to minimize the risk of exploitation. Avoid using the mac argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tenda O6