Stack Overflow Vulnerability in Tenda AX1803 Devices
CVE-2024-30621

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ax1803 Firmware
Vendor: CVE Published:; 2 April 2024

What is CVE-2024-30621?

The vulnerability identified in Tenda AX1803 (version 1.0.0.1) involves a stack overflow that occurs when a user or attacker inputs a specially crafted value into the serverName parameter during the execution of the fromAdvSetMacMtuWan function. This flaw could be exploited to disrupt the device's operations, potentially leading to unauthorized access or denial of service. It is crucial for users and administrators of affected Tenda product models to evaluate their systems and apply necessary security measures to mitigate the risks associated with this vulnerability.

References

https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2024