cnvd - cnvd-2024-35556

CNVD-2024-35556

Vulnerability from cnvd - Published: 2024-08-14

Title

Tenda i22 formApPortalPhoneAuth栈溢出漏洞

Description

Tenda i22是一款腾达(Tenda)的双频吸顶无线接入点。 Tenda i22 /goform/apPortalPhoneAuth处理formApPortalPhoneAuth存在栈溢出漏洞，远程攻击者可以利用该漏洞提交特殊的请求，可使应用程序崩溃或可以应用程序上下文执行任意代码。

Severity

高

Formal description

厂商尚未发布漏洞修复程序，请及时关注更新： https://www.tenda.com.cn/download/detail-2747.html

Reference

https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalPhoneAuth

Impacted products

Name
Tenda i22 1.0.0.3(4687)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-7584",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-7584"
    }
  },
  "description": "Tenda i22\u662f\u4e00\u6b3e\u817e\u8fbe(Tenda)\u7684\u53cc\u9891\u5438\u9876\u65e0\u7ebf\u63a5\u5165\u70b9\u3002\n\nTenda i22 /goform/apPortalPhoneAuth\u5904\u7406formApPortalPhoneAuth\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u53ef\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.tenda.com.cn/download/detail-2747.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-35556",
  "openTime": "2024-08-14",
  "products": {
    "product": "Tenda i22 1.0.0.3(4687)"
  },
  "referenceLink": "https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalPhoneAuth",
  "serverity": "\u9ad8",
  "submitTime": "2024-08-12",
  "title": "Tenda i22 formApPortalPhoneAuth\u6808\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2024-7584 (GCVE-0-2024-7584)

Vulnerability from cvelistv5 – Published: 2024-08-07 16:31 – Updated: 2024-08-07 17:47

Title

Tenda i22 apPortalPhoneAuth formApPortalPhoneAuth buffer overflow

Summary

A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Overflow

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.273864	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.273864	signaturepermissions-required
	https://vuldb.com/?submit.382836	third-party-advisory
	https://github.com/BeaCox/IoT_vuln/tree/main/tend…	exploit

Impacted products

	Vendor	Product	Version
	Tenda	i22	Affected: 1.0.0.3(4687)

Credits

BeaCox (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tenda:i22_firmware:1.0.0.3\\(4687\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "i22_firmware",
            "vendor": "tenda",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.3\\(4687\\)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7584",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T17:46:34.703315Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:47:32.819Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "i22",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.3(4687)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "BeaCox (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Tenda i22 1.0.0.3(4687) gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion formApPortalPhoneAuth der Datei /goform/apPortalPhoneAuth. Durch Manipulieren des Arguments data mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-07T16:31:04.683Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-273864 | Tenda i22 apPortalPhoneAuth formApPortalPhoneAuth buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.273864"
        },
        {
          "name": "VDB-273864 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.273864"
        },
        {
          "name": "Submit #382836 | Tenda i22 V1.0.0.3(4687) Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.382836"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalPhoneAuth"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-07T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-07T08:58:04.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda i22 apPortalPhoneAuth formApPortalPhoneAuth buffer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7584",
    "datePublished": "2024-08-07T16:31:04.683Z",
    "dateReserved": "2024-08-07T06:52:49.391Z",
    "dateUpdated": "2024-08-07T17:47:32.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-35556

CVE-2024-7584 (GCVE-0-2024-7584)

Tags

Sightings

Nomenclature