CVE-2024-11056

A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-stack-overflow-1380448e619580409bb1e1ac85f45570 Exploit Third Party Advisory
https://vuldb.com/?ctiid.283800 Permissions Required Third Party Advisory
https://vuldb.com/?id.283800 Permissions Required Third Party Advisory
https://vuldb.com/?submit.439358 Exploit Third Party Advisory
https://www.tenda.com.cn/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*

History

14 Nov 2024, 15:21

Type Values Removed Values Added
First Time Tenda
Tenda ac10 Firmware
Tenda ac10
References () https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-stack-overflow-1380448e619580409bb1e1ac85f45570 - () https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-stack-overflow-1380448e619580409bb1e1ac85f45570 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.283800 - () https://vuldb.com/?ctiid.283800 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.283800 - () https://vuldb.com/?id.283800 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?submit.439358 - () https://vuldb.com/?submit.439358 - Exploit, Third Party Advisory
References () https://www.tenda.com.cn/ - () https://www.tenda.com.cn/ - Product
CPE cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*

12 Nov 2024, 13:55

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en Tenda AC10 16.03.10.13. La función FUN_0046AC38 del archivo /goform/WifiExtraSet está afectada. La manipulación del argumento wpapsk_crypto provoca un desbordamiento del búfer basado en la pila. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse.

10 Nov 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-10 17:15

Updated : 2024-11-14 15:21


NVD link : CVE-2024-11056

Mitre link : CVE-2024-11056

CVE.ORG link : CVE-2024-11056


JSON object : View

Products Affected

tenda

  • ac10
  • ac10_firmware
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-121

Stack-based Buffer Overflow