Stack-Based Buffer Overflow in Tenda AC8 Router
CVE-2024-10123

8.8HIGH

Key Information:

Vendor: Tenda
Status: Ac8 Firmware
Vendor: CVE Published:; 18 October 2024

Summary

A significant vulnerability has been identified in the Tenda AC8 router, specifically in the compare_parentcontrol_time function located in the /goform/saveParentControlInfo file. This flaw can be exploited remotely, allowing an attacker to manipulate the 'time' argument, which leads to a stack-based buffer overflow. With this vulnerability, unauthorized users may execute arbitrary code, potentially compromising the integrity and security of affected systems. Early notifications were sent to Tenda regarding this security risk, but there has been no response to address the issue. Organizations utilizing the Tenda AC8 should evaluate their security posture and consider updates or mitigation strategies to protect against potential exploits.

References

https://vuldb.com/?id.280915

https://vuldb.com/?ctiid.280915

https://vuldb.com/?submit.421340

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2024

Collectors

NVD Database