CVE-2024-6963

A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:o3_firmware1.0.0.10\(2478\):*:*:*:*:*:*:*:*
cpe:2.3:h:tenda:o3:2.0:*:*:*:*:*:*:*

History

25 Jul 2024, 15:47

Type Values Removed Values Added
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md - Exploit
References () https://vuldb.com/?ctiid.272117 - () https://vuldb.com/?ctiid.272117 - Permissions Required
References () https://vuldb.com/?id.272117 - () https://vuldb.com/?id.272117 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.374584 - () https://vuldb.com/?submit.374584 - Third Party Advisory, VDB Entry
First Time Tenda
Tenda o3
Tenda o3 Firmware1.0.0.10\(2478\)
CPE cpe:2.3:o:tenda:o3_firmware1.0.0.10\(2478\):*:*:*:*:*:*:*:*
cpe:2.3:h:tenda:o3:2.0:*:*:*:*:*:*:*
CWE CWE-787

22 Jul 2024, 13:00

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en Tenda O3 1.0.0.10 y clasificada como crítica. Este problema afecta la función formexeCommand. La manipulación del argumento cmdinput provoca un desbordamiento de búfer en la región stack de la memoria. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-272117. NOTA: Se contactó al proveedor tempranamente sobre esta divulgación, pero no respondió de ninguna manera.

22 Jul 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-22 00:15

Updated : 2024-07-25 15:47


NVD link : CVE-2024-6963

Mitre link : CVE-2024-6963

CVE.ORG link : CVE-2024-6963


JSON object : View

Products Affected

tenda

  • o3_firmware1.0.0.10\(2478\)
  • o3
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow