Stack-based Buffer Overflow Vulnerability in Tenda RX9 and RX9 Pro Products
CVE-2024-10281

8.8HIGH

Key Information:

Vendor: Tenda
Status: Rx9 Pro Firmware
Vendor: CVE Published:; 23 October 2024

What is CVE-2024-10281?

A stack-based buffer overflow vulnerability affects the Tenda RX9 and RX9 Pro devices, specifically within the SetStaticRouteCfg function located in the /goform/ directory. The flaw allows for remote manipulation of the argument list, leading to potential exploitation of the device. Attackers could exploit this vulnerability to execute arbitrary code, resulting in compromised device security. The public disclosure of the exploit raises concerns over the safety of devices running vulnerable firmware versions, specifically 22.03.02.10 and 22.03.02.20. It is crucial for users of Tenda RX9 and RX9 Pro to assess their firmware and implement necessary security patches to mitigate risks.

References

https://vuldb.com/?id.281556

https://vuldb.com/?ctiid.281556

https://vuldb.com/?submit.427065

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2024