CVE-2024-8225

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:g3_firmware:15.11.0.20:*:*:*:*:*:*:*
cpe:2.3:h:tenda:g3:-:*:*:*:*:*:*:*

History

29 Aug 2024, 00:14

Type Values Removed Values Added
CPE cpe:2.3:o:tenda:g3_firmware:15.11.0.20:*:*:*:*:*:*:*
cpe:2.3:h:tenda:g3:-:*:*:*:*:*:*:*
CVSS v2 : 9.0
v3 : 8.8
v2 : 9.0
v3 : 9.8
CWE CWE-787
First Time Tenda g3
Tenda g3 Firmware
Tenda
References () https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetSysTime.md - () https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetSysTime.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.275934 - () https://vuldb.com/?ctiid.275934 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.275934 - () https://vuldb.com/?id.275934 - VDB Entry
References () https://vuldb.com/?submit.394000 - () https://vuldb.com/?submit.394000 - VDB Entry
References () https://www.tenda.com.cn/ - () https://www.tenda.com.cn/ - Product

28 Aug 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en Tenda G3 15.11.0.20 y clasificada como crítica. La función formSetSysTime del fichero /goform/SetSysTimeCfg es afectada por la vulnerabilidad. La manipulación del argumento sysTimePolicy provoca un desbordamiento del búfer basado en pila. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

27 Aug 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-27 23:15

Updated : 2024-08-29 00:14


NVD link : CVE-2024-8225

Mitre link : CVE-2024-8225

CVE.ORG link : CVE-2024-8225


JSON object : View

Products Affected

tenda

  • g3_firmware
  • g3
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow