Tenda W9 httpd setWrlAccessList stack-based overflow
CVE-2024-0536
Key Information:
Badges
What is CVE-2024-0536?
A vulnerability exists in the Tenda W9 1.0.0.7, specifically within the setWrlAccessList function of the httpd component. The issue arises from improper handling of the ssidIndex argument, leading to a stack-based buffer overflow. This weakness allows for potential remote exploitation, enabling attackers to execute arbitrary code. Despite early notification of the vulnerability to the vendor, Tenda did not respond. As the exploit has been publicly disclosed, it poses a significant risk to users of the affected product.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
W9 1.0.0.7(4456)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
CVSS V3.0
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved