Stack-based Buffer Overflow in Tenda AC10 Router
CVE-2024-11248

8.8 HIGH

Key Information:

Vendor: Tenda
CVE Published: 15 November 2024

Summary

The Tenda AC10 router contains a stack-based buffer overflow in the formSetRebootTimer function, located in the /goform/SetSysAutoRebbotCfg file. The overflow results from improper handling of the rebootTime argument. The flaw can be exploited remotely, potentially leading to unauthorized access to the device. The exploit has been disclosed in public forums, which increases the urgency for device owners to address the vulnerability to safeguard their networks.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

Collectors

NVD Database