Tenda W30E fromRouteStatic stack-based overflow
CVE-2024-3882

8.8HIGH

Key Information:

Vendor

Tenda
Status
W30e
Vendor
CVE Published:
16 April 2024

Badges

👾 Exploit Exists

What is CVE-2024-3882?

A vulnerability exists in the Tenda W30E router, specifically within the fromRouteStatic function located in the /goform/fromRouteStatic file. An attacker can manipulate the 'page' argument, resulting in a stack-based buffer overflow that can be exploited remotely. Public disclosure of the vulnerability raises concerns about its potential exploitation, as no response from the vendor was recorded following initial contact about this issue. This flaw could potentially allow attackers to execute arbitrary code, compromising the integrity and availability of affected devices.

Affected Version(s)

W30E 1.0.1.25(633)

References

https://vuldb.com/?id.260916
vdb-entrytechnical-description
https://vuldb.com/?ctiid.260916
signaturepermissions-required
https://vuldb.com/?submit.312825
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

Credit

wxhwxhwxh_mie (VulDB User)
.