Stack-Based Buffer Overflow in Tenda W15E Router
CVE-2024-4117

8.8HIGH

Key Information:

Vendor: Tenda
Status: W15e Firmware
Vendor: CVE Published:; 24 April 2024

What is CVE-2024-4117?

A severe vulnerability affecting the Tenda W15E router has been identified, stemming from a stack-based buffer overflow in the formDelPortMapping function located in the DelPortMapping endpoint. This vulnerability arises when the portMappingIndex argument is improperly handled, enabling remote attackers to exploit this flaw. The potential for remote exploitation positions this issue as a critical security concern, particularly due to its disclosure to the public. Despite earlier notifications, Tenda has not responded regarding this vulnerability, which necessitates immediate attention and remediation to secure affected devices.

References

https://vuldb.com/?id.261860

https://vuldb.com/?ctiid.261860

https://vuldb.com/?submit.317822

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2024