CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2024-24686 (GCVE-0-2024-24686)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:40
Summary
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability concerns the parsing of comments within the faces section of an `.off` file processed via the `readOFF` function.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ligibl:ligibl:v2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ligibl",
"vendor": "ligibl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T16:08:23.044711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:04.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the faces section of an `.off` file processed via the `readOFF` function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:08:51.045Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-24686",
"datePublished": "2024-05-28T14:02:40.153Z",
"dateReserved": "2024-01-26T09:40:46.280Z",
"dateUpdated": "2025-02-13T17:40:19.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2485 (GCVE-0-2024-2485)
Vulnerability from cvelistv5 – Published: 2024-03-15 07:00 – Updated: 2025-02-13 17:40
Title
Tenda AC18 SetSpeedWan formSetSpeedWan stack-based overflow
Summary
A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High), CVSS 3.1
8.8 (High), CVSS 3.0
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.256892 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.256892 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | |
Impacted products
2 products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| Tenda | AC18 | Affected: 15.03.05.05 | |
| tenda | ac18_firmware | Affected: 15.03.05.05 | `cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-256892 | Tenda AC18 SetSpeedWan formSetSpeedWan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.256892"
},
{
"name": "VDB-256892 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.256892"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/SetSpeedWan.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/setUsbUnload.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac18_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2485",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:22:53.972031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:30.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC18",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda AC18 15.03.05.05 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion formSetSpeedWan der Datei /goform/SetSpeedWan. Durch das Beeinflussen des Arguments speed_dir mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T19:35:31.590Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-256892 | Tenda AC18 SetSpeedWan formSetSpeedWan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.256892"
},
{
"name": "VDB-256892 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.256892"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/SetSpeedWan.md"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/setUsbUnload.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-15T01:47:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC18 SetSpeedWan formSetSpeedWan stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2485",
"datePublished": "2024-03-15T07:00:08.196Z",
"dateReserved": "2024-03-15T00:42:22.429Z",
"dateUpdated": "2025-02-13T17:40:31.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2486 (GCVE-0-2024-2486)
Vulnerability from cvelistv5 – Published: 2024-03-15 08:00 – Updated: 2024-08-01 19:11
Title
Tenda AC18 QuickIndex formQuickIndex stack-based overflow
Summary
A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256893 was assigned to this vulnerability.
Severity
8.8 (High), CVSS 3.1
8.8 (High), CVSS 3.0
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.256893 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.256893 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T19:13:56.363699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:19.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-256893 | Tenda AC18 QuickIndex formQuickIndex stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.256893"
},
{
"name": "VDB-256893 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.256893"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formQuickIndex.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC18",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256893 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC18 15.03.05.05 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion formQuickIndex der Datei /goform/QuickIndex. Durch Beeinflussen des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T08:00:06.524Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-256893 | Tenda AC18 QuickIndex formQuickIndex stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.256893"
},
{
"name": "VDB-256893 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.256893"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formQuickIndex.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-15T01:47:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC18 QuickIndex formQuickIndex stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2486",
"datePublished": "2024-03-15T08:00:06.524Z",
"dateReserved": "2024-03-15T00:42:32.950Z",
"dateUpdated": "2024-08-01T19:11:53.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2487 (GCVE-0-2024-2487)
Vulnerability from cvelistv5 – Published: 2024-03-15 08:31 – Updated: 2024-08-08 20:48
Title
Tenda AC18 SetOnlineDevName formSetDeviceName stack-based overflow
Summary
A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256894 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High), CVSS 3.1
8.8 (High), CVSS 3.0
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.256894 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.256894 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
Impacted products
2 products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| Tenda | AC18 | Affected: 15.03.05.05 | |
| tenda | ac18_firmware | Affected: 15.03.05.05 | `cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-256894 | Tenda AC18 SetOnlineDevName formSetDeviceName stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.256894"
},
{
"name": "VDB-256894 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.256894"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetDeviceName_devName.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac18_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2487",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T20:48:11.123358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T20:48:48.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC18",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256894 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Tenda AC18 15.03.05.05 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion formSetDeviceName der Datei /goform/SetOnlineDevName. Dank der Manipulation des Arguments devName/mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T08:31:04.506Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-256894 | Tenda AC18 SetOnlineDevName formSetDeviceName stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.256894"
},
{
"name": "VDB-256894 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.256894"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetDeviceName_devName.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-15T01:47:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC18 SetOnlineDevName formSetDeviceName stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2487",
"datePublished": "2024-03-15T08:31:04.506Z",
"dateReserved": "2024-03-15T00:42:38.900Z",
"dateUpdated": "2024-08-08T20:48:48.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2488 (GCVE-0-2024-2488)
Vulnerability from cvelistv5 – Published: 2024-03-15 09:00 – Updated: 2024-08-21 15:21
Title
Tenda AC18 SetPptpServerCfg formSetPPTPServer stack-based overflow
Summary
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256895. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High), CVSS 3.1
8.8 (High), CVSS 3.0
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.256895 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.256895 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
Impacted products
2 products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| Tenda | AC18 | Affected: 15.03.05.05 | |
| tenda | ac18_firmware | Affected: 15.03.05.05 | `cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*` |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-256895 | Tenda AC18 SetPptpServerCfg formSetPPTPServer stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.256895"
},
{
"name": "VDB-256895 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.256895"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetPPTPServer.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac18_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2488",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:19:24.932211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:21:16.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC18",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256895. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda AC18 15.03.05.05 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion formSetPPTPServer der Datei /goform/SetPptpServerCfg. Dank Manipulation des Arguments startIP mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T09:00:08.823Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-256895 | Tenda AC18 SetPptpServerCfg formSetPPTPServer stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.256895"
},
{
"name": "VDB-256895 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.256895"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetPPTPServer.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-15T01:47:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC18 SetPptpServerCfg formSetPPTPServer stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2488",
"datePublished": "2024-03-15T09:00:08.823Z",
"dateReserved": "2024-03-15T00:42:54.142Z",
"dateUpdated": "2024-08-21T15:21:16.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2489 (GCVE-0-2024-2489)
Vulnerability from cvelistv5 – Published: 2024-03-15 09:00 – Updated: 2025-04-10 20:28
Title
Tenda AC18 SetNetControlList formSetQosBand stack-based overflow
Summary
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256896. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High), CVSS 3.1
8.8 (High), CVSS 3.0
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.256896 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.256896 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac18",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2489",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T13:50:37.546517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:28:47.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-256896 | Tenda AC18 SetNetControlList formSetQosBand stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.256896"
},
{
"name": "VDB-256896 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.256896"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetQosBand.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC18",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256896. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Tenda AC18 15.03.05.05 entdeckt. Hiervon betroffen ist die Funktion formSetQosBand der Datei /goform/SetNetControlList. Mit der Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T09:00:10.441Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-256896 | Tenda AC18 SetNetControlList formSetQosBand stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.256896"
},
{
"name": "VDB-256896 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.256896"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetQosBand.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-15T01:48:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC18 SetNetControlList formSetQosBand stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2489",
"datePublished": "2024-03-15T09:00:10.441Z",
"dateReserved": "2024-03-15T00:43:00.217Z",
"dateUpdated": "2025-04-10T20:28:47.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2490 (GCVE-0-2024-2490)
Vulnerability from cvelistv5 – Published: 2024-03-15 09:31 – Updated: 2024-08-01 19:18
Title
Tenda AC18 openSchedWifi setSchedWifi stack-based overflow
Summary
A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High)
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.256897 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.256897 | signature, permissions-required |
| https://github.com/Emilytutu/IoT-vulnerable/blob/… | exploit |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Tenda | AC18 | Affected: 15.03.05.05 |
| tenda | ac18_firmware | Affected: 15.03.05.05 (cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*) |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac18_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2490",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T21:05:16.681190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T21:05:39.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:18:46.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-256897 | Tenda AC18 openSchedWifi setSchedWifi stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.256897"
},
{
"name": "VDB-256897 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.256897"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/Emilytutu/IoT-vulnerable/blob/main/Tenda/AC18/setSchedWifi_end.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC18",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Tenda AC18 15.03.05.05 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion setSchedWifi der Datei /goform/openSchedWifi. Durch die Manipulation des Arguments schedStartTime/schedEndTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T09:31:04.121Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-256897 | Tenda AC18 openSchedWifi setSchedWifi stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.256897"
},
{
"name": "VDB-256897 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.256897"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Emilytutu/IoT-vulnerable/blob/main/Tenda/AC18/setSchedWifi_end.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-15T01:48:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC18 openSchedWifi setSchedWifi stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2490",
"datePublished": "2024-03-15T09:31:04.121Z",
"dateReserved": "2024-03-15T00:43:05.939Z",
"dateUpdated": "2024-08-01T19:18:46.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24962 (GCVE-0-2024-24962)
Vulnerability from cvelistv5 – Published: 2024-05-28 15:30 – Updated: 2025-02-13 17:40
Summary
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability. This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e98` of v1.2.10.9 of the P3-550E firmware.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| AutomationDirect | P3-550E | Affected: 1.2.10.9 |
| automationdirect | p3-550e_firmware | Affected: 1.2.10.9 (cpe:2.3:o:automationdirect:p3-550e_firmware:1.2.10.9:*:*:*:*:*:*:*) |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:automationdirect:p3-550e_firmware:1.2.10.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "p3-550e_firmware",
"vendor": "automationdirect",
"versions": [
{
"status": "affected",
"version": "1.2.10.9"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:33:37.881602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:19.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1939",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1939"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "P3-550E",
"vendor": "AutomationDirect",
"versions": [
{
"status": "affected",
"version": "1.2.10.9"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e98` of v1.2.10.9 of the P3-550E firmware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:13:28.497Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1939",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1939"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1939"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-24962",
"datePublished": "2024-05-28T15:30:16.326Z",
"dateReserved": "2024-02-01T20:45:31.233Z",
"dateUpdated": "2025-02-13T17:40:41.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24963 (GCVE-0-2024-24963)
Vulnerability from cvelistv5 – Published: 2024-05-28 15:30 – Updated: 2025-02-13 17:40
Summary
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability. This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e84` of v1.2.10.9 of the P3-550E firmware.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| AutomationDirect | P3-550E | Affected: 1.2.10.9 |
| automationdirect | p3-550e_firmware | Affected: 1.2.10.9 (cpe:2.3:o:automationdirect:p3-550e_firmware:1.2.10.9:*:*:*:*:*:*:*) |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:automationdirect:p3-550e_firmware:1.2.10.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "p3-550e_firmware",
"vendor": "automationdirect",
"versions": [
{
"status": "affected",
"version": "1.2.10.9"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T00:58:21.963896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:25.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1939",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1939"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "P3-550E",
"vendor": "AutomationDirect",
"versions": [
{
"status": "affected",
"version": "1.2.10.9"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e84` of v1.2.10.9 of the P3-550E firmware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:13:30.192Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1939",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1939"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1939"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-24963",
"datePublished": "2024-05-28T15:30:16.410Z",
"dateReserved": "2024-02-01T20:45:31.234Z",
"dateUpdated": "2025-02-13T17:40:42.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25137 (GCVE-0-2024-25137)
Vulnerability from cvelistv5 – Published: 2024-03-26 22:58 – Updated: 2024-08-01 23:36
Title
AutomationDirect C-MORE EA9 HMI Stack-based Buffer Overflow
Summary
In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
References
1 reference
| URL | Tags |
|---|---|
| https://https://www.cisa.gov/news-events/ics-advi… | government-resource |
Impacted products
11 products
| Vendor | Product | Version |
|---|---|---|
| AutomationDirect | C-MORE EA9 HMI EA9-T6CL | Affected: 0, ≤ 6.77 (custom) |
| AutomationDirect | C-MORE EA9 HMI EA9-T7CL | Affected: 0, ≤ 6.77 (custom) |
| AutomationDirect | C-MORE EA9 HMI EA0-T7CL-R | Affected: 0, ≤ 6.77 (custom) |
| AutomationDirect | C-MORE EA9 HMI EA9-T8CL | Affected: 0, ≤ 6.77 (custom) |
| AutomationDirect | C-MORE EA9 HMI EA9-T10CL | Affected: 0, ≤ 6.77 (custom) |
| AutomationDirect | C-MORE EA9 HMI EA9-T10WCL | Affected: 0, ≤ 6.77 (custom) |
| AutomationDirect | C-MORE EA9 HMI EA9-T12CL | Affected: 0, ≤ 6.77 (custom) |
| AutomationDirect | C-MORE EA9 HMI EA9-T15CL | Affected: 0, ≤ 6.77 (custom) |
| AutomationDirect | C-MORE EA9 HMI EA9-T15CL-R | Affected: 0, ≤ 6.77 (custom) |
| AutomationDirect | C-MORE EA9 HMI EA9-RHMI | Affected: 0, ≤ 6.77 (c) |
| AutomationDirect | C-MORE EA9 HMI EA9-PGMSW | Affected: 0, ≤ 6.77 (custom) |
Date Public
2024-03-26 19:18
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T11:12:42.141439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:59.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "C-MORE EA9 HMI EA9-T6CL",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "6.77",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "C-MORE EA9 HMI EA9-T7CL",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "6.77",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "C-MORE EA9 HMI EA0-T7CL-R",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "6.77",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "C-MORE EA9 HMI EA9-T8CL",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "6.77",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "C-MORE EA9 HMI EA9-T10CL",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "6.77",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "C-MORE EA9 HMI EA9-T10WCL",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "6.77",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "C-MORE EA9 HMI EA9-T12CL",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "6.77",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "C-MORE EA9 HMI EA9-T15CL",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "6.77",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "C-MORE EA9 HMI EA9-T15CL-R",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "6.77",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "C-MORE EA9 HMI EA9-RHMI",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "6.77",
"status": "affected",
"version": "0",
"versionType": "c"
}
]
},
{
"defaultStatus": "unaffected",
"product": "C-MORE EA9 HMI EA9-PGMSW",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "6.77",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tomer Goldschmidt of Claroty Research - Team82 reported these vulnerabilities to CISA."
}
],
"datePublic": "2024-03-26T19:18:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\nIn AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T23:16:14.278Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAutomationDirect recommends that users update C-MORE EA9 HMI to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.automationdirect.com/support/software-downloads\"\u003eV6.78\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nAutomationDirect recommends that users update C-MORE EA9 HMI to V6.78 https://www.automationdirect.com/support/software-downloads .\n\n"
}
],
"source": {
"advisory": "ICSA-24-086-01",
"discovery": "EXTERNAL"
},
"title": "AutomationDirect C-MORE EA9 HMI Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-25137",
"datePublished": "2024-03-26T22:58:44.753Z",
"dateReserved": "2024-02-05T21:38:12.857Z",
"dateUpdated": "2024-08-01T23:36:21.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Description:
- Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.