Stack-Based Buffer Overflow in Tenda AC8 Router
CVE-2024-10123

8.8HIGH

Key Information:

Vendor: Tenda
Status: Ac8 Firmware
Vendor: CVE Published:; 18 October 2024

What is CVE-2024-10123?

A significant vulnerability has been identified in the Tenda AC8 router, specifically in the compare_parentcontrol_time function located in the /goform/saveParentControlInfo file. This flaw can be exploited remotely, allowing an attacker to manipulate the 'time' argument, which leads to a stack-based buffer overflow. With this vulnerability, unauthorized users may execute arbitrary code, potentially compromising the integrity and security of affected systems. Early notifications were sent to Tenda regarding this security risk, but there has been no response to address the issue. Organizations utilizing the Tenda AC8 should evaluate their security posture and consider updates or mitigation strategies to protect against potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://vuldb.com/?id.280915

https://vuldb.com/?ctiid.280915

https://vuldb.com/?submit.421340

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2024

JSON

Tenda

What is CVE-2024-10123?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.