Stack-Based Buffer Overflow in Tenda W15E Devices
CVE-2024-4115

8.8HIGH

Key Information:

Vendor: Tenda
Status: W15e Firmware
Vendor: CVE Published:; 24 April 2024

What is CVE-2024-4115?

A severe stack-based buffer overflow vulnerability has been discovered in the Tenda W15E router, specifically in the function 'formAddDnsForward' within the '/goform/AddDnsForward' file. This flaw allows attackers to manipulate the 'DnsForwardRule' argument, potentially leading to remote exploitation. The risk is heightened as the vulnerability has been publicly disclosed, making affected systems particularly vulnerable to attacks. Tenda has been made aware of this issue but has yet to respond, raising concerns about the immediate need for users to secure their devices.

References

https://vuldb.com/?id.261858

https://vuldb.com/?ctiid.261858

https://vuldb.com/?submit.317818

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2024