CVE-2024-45414
 
Severity Score: 9.8 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: Attend (SSVC)
Descriptions
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the webPrivateDecrypt function. This function is responsible for decrypting RSA-encrypted ciphertext, which is supplied base64-encoded. The decoded ciphertext is stored on the stack without its length being checked. An unauthenticated attacker can exploit this vulnerability to achieve remote code execution (RCE) as root.
*Credits:
N/A
SSVC
- Decision: Attend
Timeline
- 2024-08-28 CVE Reserved
- 2024-09-16 CVE Published
- 2024-09-17 EPSS Updated
- 2024-09-18 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
References (1)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Zte | Zxhn E1600 Firmware | * | - | Affected
Zte | Zxhn E2603 Firmware | * | - | Affected
Zte | Zxhn E2615 Firmware | * | - | Affected
Zte | Zxhn E2618 Firmware | * | - | Affected
Zte | Zxhn E500 Firmware | * | - | Affected
Zte | Zxhn H108n Firmware | * | - | Affected
Zte | Zxhn H168a Firmware | * | - | Affected
Zte | Zxhn H168n Firmware | * | - | Affected
Zte | Zxhn H338a Firmware | * | - | Affected
Zte | Zxhn Z500 Firmware | * | - | Affected