Stack-Based Buffer Overflow Vulnerability in Tenda AX1806 Firmware
CVE-2024-40415

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Ax1806 Firmware
Vendor: CVE Published:; 15 July 2024

Summary

A vulnerability exists in the Tenda AX1806 firmware (version 1.0.0.1) within the /goform/SetStaticRouteCfg function, specifically in sub_519F4. This issue is characterized by a stack-based buffer overflow, which can potentially allow an attacker to execute arbitrary code, leading to unauthorized access and significant risks to device functionality and data integrity. Immediate attention is required to safeguard against exploitation.

References

https://github.com/Feng-ZZ-pwn/IOT/blob/main/Tenda%20AX_1...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2024