CVE-2024-2813

A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*

History

26 Mar 2024, 03:14

Type Values Removed Values Added
CPE cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.257668 - () https://vuldb.com/?ctiid.257668 - Permissions Required
References () https://vuldb.com/?id.257668 - () https://vuldb.com/?id.257668 - Third Party Advisory
Summary
  • (es) Se encontró una vulnerabilidad en Tenda AC15 15.03.20_multi. Ha sido declarada crítica. Esta vulnerabilidad afecta a la función form_fast_setting_wifi_set del archivo /goform/fast_setting_wifi_set. La manipulación del argumento ssid provoca un desbordamiento de búfer en la región stack de la memoria. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-257668. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
First Time Tenda ac15 Firmware
Tenda
Tenda ac15
CVSS v2 : 9.0
v3 : 8.8
v2 : 9.0
v3 : 9.8

22 Mar 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-22 07:15

Updated : 2024-05-17 02:38


NVD link : CVE-2024-2813

Mitre link : CVE-2024-2813

CVE.ORG link : CVE-2024-2813


JSON object : View

Products Affected

tenda

  • ac15
  • ac15_firmware
CWE
CWE-121

Stack-based Buffer Overflow