Stack-Based Buffer Overflow in Tenda RX9 and RX9 Pro Products
CVE-2024-10283

8.8HIGH

Key Information:

Vendor: Tenda
Status: Rx9 Pro Firmware
Vendor: CVE Published:; 23 October 2024

What is CVE-2024-10283?

A stack-based buffer overflow vulnerability has been identified in the function sub_4337EC located in the SetNetControlList interface of Tenda RX9 and RX9 Pro routers, specifically in firmware version 22.03.02.20. This vulnerability can be exploited remotely, allowing an attacker to manipulate input arguments to facilitate unauthorized access or further exploitation. The exploit has been made public, raising concerns for users of these devices. It is critical for users to apply security patches or mitigate risks to protect their networks from potential attacks.

References

https://vuldb.com/?id.281558

https://vuldb.com/?ctiid.281558

https://vuldb.com/?submit.427064

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2024