Stack-Based Buffer Overflow in Tenda W15E Product
CVE-2024-4119

8.8HIGH

Key Information:

Vendor: Tenda
Status: W15e Firmware
Vendor: CVE Published:; 24 April 2024

Summary

A critical security vulnerability has been identified in Tenda's W15E routers, specifically affecting version 15.11.0.14. The flaw resides in the formIPMacBindDel function located within the /goform/delIpMacBind file, where improper handling of the IPMacBindIndex argument can lead to a stack-based buffer overflow. This can potentially allow remote attackers to execute arbitrary code, posing serious risks to network security. Despite efforts to notify Tenda about this discovery, no response was received, highlighting a critical need for users to secure their routers against potential exploits. Immediate action is recommended to mitigate the risk associated with this vulnerability.

References

https://vuldb.com/?id.261862

https://vuldb.com/?ctiid.261862

https://vuldb.com/?submit.317824

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2024