CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2024-2764 (GCVE-0-2024-2764)
Vulnerability from cvelistv5 – Published: 2024-03-21 20:31 – Updated: 2024-08-02 13:57
Title
Tenda AC10U SetPptpServerCfg formSetPPTPServer stack-based overflow
Summary
A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High)
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257601 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257601 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Tenda | AC10U | Affected: 15.03.06.48 | |
| tendacn | ac10u_firmware | Affected: 15.03.06.48_multi_tde01; cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.48_multi_tde01:*:*:*:*:*:*:* | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-257601 | Tenda AC10U SetPptpServerCfg formSetPPTPServer stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.257601"
},
{
"name": "VDB-257601 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.257601"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetPPTPServer.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.48_multi_tde01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10u_firmware",
"vendor": "tendacn",
"versions": [
{
"status": "affected",
"version": "15.03.06.48_multi_tde01"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2764",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-22T14:41:42.917825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T13:57:14.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC10U",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.06.48"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Tenda AC10U 15.03.06.48 gefunden. Hiervon betroffen ist die Funktion formSetPPTPServer der Datei /goform/SetPptpServerCfg. Durch die Manipulation des Arguments endIP mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T20:31:05.130Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-257601 | Tenda AC10U SetPptpServerCfg formSetPPTPServer stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.257601"
},
{
"name": "VDB-257601 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.257601"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetPPTPServer.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-21T16:22:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC10U SetPptpServerCfg formSetPPTPServer stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2764",
"datePublished": "2024-03-21T20:31:05.130Z",
"dateReserved": "2024-03-21T15:17:47.961Z",
"dateUpdated": "2024-08-02T13:57:14.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28014 (GCVE-0-2024-28014)
Vulnerability from cvelistv5 – Published: 2024-03-28 00:56 – Updated: 2025-01-14 04:05
Summary
Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN, MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows an attacker to execute an arbitrary command via the internet.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
2 references
Impacted products
60 products
| Vendor | Product | Version | |
|---|---|---|---|
| NEC Corporation | WG1800HP4 | Affected: all versions | |
| NEC Corporation | WG1200HS3 | Affected: all versions | |
| NEC Corporation | WG1900HP2 | Affected: all versions | |
| NEC Corporation | WG1200HP3 | Affected: all versions | |
| NEC Corporation | WG1800HP3 | Affected: all versions | |
| NEC Corporation | WG1200HS2 | Affected: all versions | |
| NEC Corporation | WG1900HP | Affected: all versions | |
| NEC Corporation | WG1200HP2 | Affected: all versions | |
| NEC Corporation | W1200EX(-MS) | Affected: all versions | |
| NEC Corporation | WG1200HS | Affected: all versions | |
| NEC Corporation | WG1200HP | Affected: all versions | |
| NEC Corporation | WF300HP2 | Affected: all versions | |
| NEC Corporation | W300P | Affected: all versions | |
| NEC Corporation | WF800HP | Affected: all versions | |
| NEC Corporation | WR8165N | Affected: all versions | |
| NEC Corporation | WG2200HP | Affected: all versions | |
| NEC Corporation | WF1200HP2 | Affected: all versions | |
| NEC Corporation | WG1800HP2 | Affected: all versions | |
| NEC Corporation | WF1200HP | Affected: all versions | |
| NEC Corporation | WG600HP | Affected: all versions | |
| NEC Corporation | WG300HP | Affected: all versions | |
| NEC Corporation | WF300HP | Affected: all versions | |
| NEC Corporation | WG1800HP | Affected: all versions | |
| NEC Corporation | WG1400HP | Affected: all versions | |
| NEC Corporation | WR8175N | Affected: all versions | |
| NEC Corporation | WR9300N | Affected: all versions | |
| NEC Corporation | WR8750N | Affected: all versions | |
| NEC Corporation | WR8160N | Affected: all versions | |
| NEC Corporation | WR9500N | Affected: all versions | |
| NEC Corporation | WR8600N | Affected: all versions | |
| NEC Corporation | WR8370N | Affected: all versions | |
| NEC Corporation | WR8170N | Affected: all versions | |
| NEC Corporation | WR8700N | Affected: all versions | |
| NEC Corporation | WR8300N | Affected: all versions | |
| NEC Corporation | WR8150N | Affected: all versions | |
| NEC Corporation | WR4100N | Affected: all versions | |
| NEC Corporation | WR4500N | Affected: all versions | |
| NEC Corporation | WR8100N | Affected: all versions | |
| NEC Corporation | WR8500N | Affected: all versions | |
| NEC Corporation | CR2500P | Affected: all versions | |
| NEC Corporation | WR8400N | Affected: all versions | |
| NEC Corporation | WR8200N | Affected: all versions | |
| NEC Corporation | WR1200H | Affected: all versions | |
| NEC Corporation | WR7870S | Affected: all versions | |
| NEC Corporation | WR6670S | Affected: all versions | |
| NEC Corporation | WR7850S | Affected: all versions | |
| NEC Corporation | WR6650S | Affected: all versions | |
| NEC Corporation | WR6600H | Affected: all versions | |
| NEC Corporation | WR7800H | Affected: all versions | |
| NEC Corporation | WM3400RN | Affected: all versions | |
| NEC Corporation | WM3450RN | Affected: all versions | |
| NEC Corporation | WM3500R | Affected: all versions | |
| NEC Corporation | WM3600R | Affected: all versions | |
| NEC Corporation | WM3800R | Affected: all versions | |
| NEC Corporation | WR8166N | Affected: all versions | |
| NEC Corporation | MR01LN | Affected: all versions | |
| NEC Corporation | MR02LN | Affected: all versions | |
| NEC Corporation | WG1810HP(JE) | Affected: all versions | |
| NEC Corporation | WG1810HP(MF) | Affected: all versions | |
| nec | aterm_w1200ex\(-ms\)_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:nec:aterm_cr2500p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_mr01ln_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_mr02ln_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_w300p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wf1200hp2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wf1200hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wf300hp2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wf300hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wf800hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hp2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hp3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hs2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hs3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hs_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1400hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1800hp2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1800hp3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1800hp4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1800hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1810hp\(je\)_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1810hp\(mf\)_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1900hp2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1900hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg2200hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg300hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg600hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wm3400rn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wm3450rn_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wm3500r_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wm3600r_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wm3800r_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr1200h_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr4100n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr4500n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr6600h_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr6650s_firmware:*:*:*:*:*:*:*:* 
cpe:2.3:o:nec:aterm_wr6670s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr7800h_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr7850s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr7870s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8100n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8150n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8160n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8165n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8166n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8170n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8175n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8200n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8300n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8370n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8400n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8500n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8600n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8700n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8750n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr9300n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr9500n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_w1200ex\(-ms\)_firmware:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:47.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nec:aterm_cr2500p_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_mr01ln_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_mr02ln_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_w300p_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wf1200hp2_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wf1200hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wf300hp2_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wf300hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wf800hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hp2_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hp3_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hs2_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hs3_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hs_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1400hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1800hp2_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1800hp3_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1800hp4_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1800hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1810hp\\(je\\)_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1810hp\\(mf\\)_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1900hp2_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1900hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg2200hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg300hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg600hp_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wm3400rn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wm3450rn_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wm3500r_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wm3600r_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wm3800r_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr1200h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr4100n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr4500n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr6600h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr6650s_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr6670s_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr7800h_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr7850s_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr7870s_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8100n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8150n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8160n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8165n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8166n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8170n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8175n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8200n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8300n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8370n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8400n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8500n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8600n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8700n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8750n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr9300n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr9500n_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_w1200ex\\(-ms\\)_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aterm_w1200ex\\(-ms\\)_firmware",
"vendor": "nec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T17:36:07.288926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T18:42:34.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WG1800HP4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1900HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1900HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "W1200EX(-MS)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF300HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "W300P",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8165N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF1200HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF1200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1400HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8175N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR9300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8750N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8160N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR9500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8600N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8370N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8170N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8700N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8150N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR4100N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR4500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8100N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "CR2500P",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8400N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8200N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR1200H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7870S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6670S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7850S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6650S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6600H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7800H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3400RN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3450RN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3500R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3600R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3800R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8166N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "MR01LN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "MR02LN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1810HP(JE)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1810HP(MF)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command via the internet."
}
],
"value": "Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command via the internet."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T04:05:52.531Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2024-28014",
"datePublished": "2024-03-28T00:56:39.075Z",
"dateReserved": "2024-02-29T08:40:13.582Z",
"dateUpdated": "2025-01-14T04:05:52.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28038 (GCVE-0-2024-28038)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:37 – Updated: 2025-11-04 17:19
Summary
The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, supplying an overly long character string in the MFPSESSIONID parameter results in a stack buffer overflow. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based buffer overflow
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sharp Corporation | Multiple MFPs (multifunction printers) | Affected: See the information provided by Sharp Corporation listed under [References] | |
| Toshiba Tec Corporation | Multiple MFPs (multifunction printers) | Affected: See the information provided by Toshiba Tec Corporation listed under [References] | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T22:09:23.255878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T14:57:54.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:19:37.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Sharp Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Sharp Corporation listed under [References]"
}
]
},
{
"product": "Multiple MFPs (multifunction printers)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "See the information provided by Toshiba Tec Corporation listed under [References]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T07:37:06.324Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
},
{
"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
},
{
"url": "https://www.toshibatec.com/information/20240531_02.html"
},
{
"url": "https://www.toshibatec.co.jp/information/20240531_02.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93051062/"
},
{
"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-28038",
"datePublished": "2024-11-26T07:37:06.324Z",
"dateReserved": "2024-05-22T09:00:14.691Z",
"dateUpdated": "2025-11-04T17:19:37.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-2805 (GCVE-0-2024-2805)
Vulnerability from cvelistv5 – Published: 2024-03-22 03:00 – Updated: 2024-08-01 19:25
Title
Tenda AC15 SetSpeedWan formSetSpeedWan stack-based overflow
Summary
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High)
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257660 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257660 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
Impacted products
3 products
| Vendor | Product | Version |
|---|---|---|
| Tenda | AC15 | Affected: 15.03.05.18, 15.03.20_multi |
| tenda | ac15_firmware | Affected: 15.03.05.18 (`cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*`) |
| tenda | ac15_firmware | Affected: 15.03.20_multi (`cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*`) |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2805",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T14:59:16.273514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T19:52:43.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:42.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-257660 | Tenda AC15 SetSpeedWan formSetSpeedWan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.257660"
},
{
"name": "VDB-257660 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.257660"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/SetSpeedWan.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC15",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
},
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Tenda AC15 15.03.05.18/15.03.20_multi ausgemacht. Davon betroffen ist die Funktion formSetSpeedWan der Datei /goform/SetSpeedWan. Durch das Manipulieren des Arguments speed_dir mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T03:00:06.426Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-257660 | Tenda AC15 SetSpeedWan formSetSpeedWan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.257660"
},
{
"name": "VDB-257660 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.257660"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/SetSpeedWan.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-21T22:38:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC15 SetSpeedWan formSetSpeedWan stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2805",
"datePublished": "2024-03-22T03:00:06.426Z",
"dateReserved": "2024-03-21T21:33:09.307Z",
"dateUpdated": "2024-08-01T19:25:42.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2806 (GCVE-0-2024-2806)
Vulnerability from cvelistv5 – Published: 2024-03-22 04:31 – Updated: 2024-08-21 15:13
Title
Tenda AC15 addWifiMacFilter stack-based overflow
Summary
A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High)
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257661 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257661 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
Impacted products
3 products
| Vendor | Product | Version |
|---|---|---|
| Tenda | AC15 | Affected: 15.03.05.18, 15.03.20_multi |
| tenda | ac15_firmware | Affected: 15.03.05.18 (`cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*`) |
| tenda | ac15_firmware | Affected: 15.03.05.20_multi (`cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*`) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-257661 | Tenda AC15 addWifiMacFilter stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.257661"
},
{
"name": "VDB-257661 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.257661"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.20_multi"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2806",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:10:50.792677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:13:05.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC15",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
},
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC15 15.03.05.18/15.03.20_multi entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion addWifiMacFilter der Datei /goform/addWifiMacFilter. Durch Manipulieren des Arguments deviceId/deviceMac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T04:31:04.089Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-257661 | Tenda AC15 addWifiMacFilter stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.257661"
},
{
"name": "VDB-257661 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.257661"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-21T22:38:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC15 addWifiMacFilter stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2806",
"datePublished": "2024-03-22T04:31:04.089Z",
"dateReserved": "2024-03-21T21:33:26.262Z",
"dateUpdated": "2024-08-21T15:13:05.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2807 (GCVE-0-2024-2807)
Vulnerability from cvelistv5 – Published: 2024-03-22 04:31 – Updated: 2025-04-10 20:11
Title
Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow
Summary
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High)
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257662 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257662 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
},
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2807",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T16:38:21.385456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:11:54.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-257662 | Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.257662"
},
{
"name": "VDB-257662 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.257662"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC15",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
},
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Tenda AC15 15.03.05.18/15.03.20_multi wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formExpandDlnaFile der Datei /goform/expandDlnaFile. Durch das Beeinflussen des Arguments filePath mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T04:31:05.417Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-257662 | Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.257662"
},
{
"name": "VDB-257662 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.257662"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-21T22:38:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2807",
"datePublished": "2024-03-22T04:31:05.417Z",
"dateReserved": "2024-03-21T21:33:54.048Z",
"dateUpdated": "2025-04-10T20:11:54.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2808 (GCVE-0-2024-2808)
Vulnerability from cvelistv5 – Published: 2024-03-22 05:00 – Updated: 2024-08-12 13:41
Title
Tenda AC15 QuickIndex formQuickIndex stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High)
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257663 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257663 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
Impacted products
3 products
| Vendor | Product | Version |
|---|---|---|
| Tenda | AC15 | Affected: 15.03.05.18, 15.03.20_multi |
| tenda | ac15_firmware | Affected: 15.03.05.18 (`cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*`) |
| tenda | ac15_firmware | Affected: 15.03.20_multi (`cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*`) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-257663 | Tenda AC15 QuickIndex formQuickIndex stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.257663"
},
{
"name": "VDB-257663 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.257663"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2808",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-22T14:57:09.173805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T13:41:45.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC15",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
},
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda AC15 15.03.05.18/15.03.20_multi entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion formQuickIndex der Datei /goform/QuickIndex. Durch Beeinflussen des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T05:00:06.300Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-257663 | Tenda AC15 QuickIndex formQuickIndex stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.257663"
},
{
"name": "VDB-257663 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.257663"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-21T22:39:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC15 QuickIndex formQuickIndex stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2808",
"datePublished": "2024-03-22T05:00:06.300Z",
"dateReserved": "2024-03-21T21:34:07.034Z",
"dateUpdated": "2024-08-12T13:41:45.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2809 (GCVE-0-2024-2809)
Vulnerability from cvelistv5 – Published: 2024-03-22 05:31 – Updated: 2024-08-01 20:52
Title
Tenda AC15 SetFirewallCfg formSetFirewallCfg stack-based overflow
Summary
A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High)
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257664 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257664 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
Impacted products
3 products
| Vendor | Product | Version |
|---|---|---|
| Tenda | AC15 | Affected: 15.03.05.18, 15.03.20_multi |
| tenda | ac15_firmware | Affected: 15.03.05.18 (`cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*`) |
| tenda | ac15_firmware | Affected: 15.03.20_multi (`cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*`) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:42.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-257664 | Tenda AC15 SetFirewallCfg formSetFirewallCfg stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.257664"
},
{
"name": "VDB-257664 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.257664"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2809",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T20:51:20.892981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T20:52:37.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC15",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
},
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC15 15.03.05.18/15.03.20_multi gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion formSetFirewallCfg der Datei /goform/SetFirewallCfg. Dank der Manipulation des Arguments firewallEn mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T05:31:04.573Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-257664 | Tenda AC15 SetFirewallCfg formSetFirewallCfg stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.257664"
},
{
"name": "VDB-257664 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.257664"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-21T22:39:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC15 SetFirewallCfg formSetFirewallCfg stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2809",
"datePublished": "2024-03-22T05:31:04.573Z",
"dateReserved": "2024-03-21T21:34:19.498Z",
"dateUpdated": "2024-08-01T20:52:37.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2810 (GCVE-0-2024-2810)
Vulnerability from cvelistv5 – Published: 2024-03-22 05:31 – Updated: 2024-08-12 13:40
Title
Tenda AC15 WifiWpsOOB formWifiWpsOOB stack-based overflow
Summary
A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High)
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257665 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257665 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
Impacted products
3 products
| Vendor | Product | Version |
|---|---|---|
| Tenda | AC15 | Affected: 15.03.05.18; Affected: 15.03.20_multi |
| tenda | ac15_firmware | Affected: 15.03.05.18 (cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*) |
| tenda | ac15_firmware | Affected: 15.03.20_multi (cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:42.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-257665 | Tenda AC15 WifiWpsOOB formWifiWpsOOB stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.257665"
},
{
"name": "VDB-257665 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.257665"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T19:11:53.980346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T13:40:03.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC15",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
},
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Tenda AC15 15.03.05.18/15.03.20_multi wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion formWifiWpsOOB der Datei /goform/WifiWpsOOB. Dank Manipulation des Arguments index mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T05:31:05.963Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-257665 | Tenda AC15 WifiWpsOOB formWifiWpsOOB stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.257665"
},
{
"name": "VDB-257665 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.257665"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-21T22:39:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC15 WifiWpsOOB formWifiWpsOOB stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2810",
"datePublished": "2024-03-22T05:31:05.963Z",
"dateReserved": "2024-03-21T21:34:30.779Z",
"dateUpdated": "2024-08-12T13:40:03.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2811 (GCVE-0-2024-2811)
Vulnerability from cvelistv5 – Published: 2024-03-22 06:00 – Updated: 2024-08-21 22:53
Title
Tenda AC15 WifiWpsStart formWifiWpsStart stack-based overflow
Summary
A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
8.8 (High)
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.257666 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.257666 | signature, permissions-required |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Tenda | AC15 | Affected: 15.03.20_multi |
| tenda | ac15_firmware | Affected: 15.03.20_multi (cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-257666 | Tenda AC15 WifiWpsStart formWifiWpsStart stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.257666"
},
{
"name": "VDB-257666 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.257666"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.20_multi:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2811",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-27T13:55:59.253282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T22:53:07.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC15",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.20_multi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda AC15 15.03.20_multi gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion formWifiWpsStart der Datei /goform/WifiWpsStart. Mit der Manipulation des Arguments index mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T06:00:07.629Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-257666 | Tenda AC15 WifiWpsStart formWifiWpsStart stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.257666"
},
{
"name": "VDB-257666 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.257666"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-21T22:39:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC15 WifiWpsStart formWifiWpsStart stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2811",
"datePublished": "2024-03-22T06:00:07.629Z",
"dateReserved": "2024-03-21T21:34:43.200Z",
"dateUpdated": "2024-08-21T22:53:07.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Description:
- Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.