Stack Overflow Vulnerability in Tenda AX1803 by Tenda
CVE-2024-30620

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ax1803 Firmware
Vendor: CVE Published:; 2 April 2024

What is CVE-2024-30620?

The Tenda AX1803 v1.0.0.1 is susceptible to a stack overflow vulnerability, which is triggered through improper handling of the serviceName parameter in the fromAdvSetMacMtuWan function. Exploitation of this vulnerability may allow attackers to execute arbitrary code or disrupt the normal functionality of the affected device. Proper validation and sanitization of input parameters are critical to mitigating the risks associated with this vulnerability.

References

https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2024