Stack-Based Buffer Overflow in Tenda AC8 Router
CVE-2024-10130

8.8HIGH

Key Information:

Vendor: Tenda
Status: Ac8 Firmware
Vendor: CVE Published:; 18 October 2024

What is CVE-2024-10130?

A severe vulnerability has been discovered in the Tenda AC8 router, specifically in the formSetRebootTimer function located in the /goform/SetSysAutoRebbotCfg file. This vulnerability allows an attacker to manipulate the rebootTime argument, leading to a stack-based buffer overflow. With this exploit, attackers can initiate a remote attack, potentially compromising the router's integrity and user data. The issue has been made publicly known, and attempts to notify Tenda of this vulnerability have gone unanswered. Users of affected versions are strongly advised to implement immediate security measures to safeguard their networks.

References

https://vuldb.com/?id.280918

https://vuldb.com/?ctiid.280918

https://vuldb.com/?submit.422141

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2024