CVE-2024-11248
Tenda AC10 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Eine Schwachstelle wurde in Tenda AC10 16.03.10.13 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion formSetRebootTimer der Datei /goform/SetSysAutoRebbotCfg. Durch Manipulation des Arguments rebootTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-11-15 CVE Reserved
- 2024-11-15 CVE Published
- 2024-11-15 CVE Updated
- 2024-11-15 First Exploit
- 2024-11-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-121: Stack-based Buffer Overflow
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.284684 | Technical Description | |
https://vuldb.com/?submit.443204 | Third Party Advisory | |
https://www.tenda.com.cn | Product |
URL | Date | SRC |
---|---|---|
https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-formSetRebootTimer-stack-overflow-13d0448e619580bf8ab1df7cfb6c018b | 2024-11-15 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Tenda Search vendor "Tenda" | AC10 Search vendor "Tenda" for product "AC10" | 16.03.10.13 Search vendor "Tenda" for product "AC10" and version "16.03.10.13" | en |
Affected
|