Stack-Based Buffer Overflow in Tenda W15E Router
CVE-2024-4123

8.8HIGH

Key Information:

Vendor: Tenda
Status: W15e Firmware
Vendor: CVE Published:; 24 April 2024

Summary

A critical security flaw has been identified in the Tenda W15E router, specifically within the function formSetPortMapping located in /goform/SetPortMapping. This vulnerability arises from improper handling of the portMappingServer, portMappingProtocol, portMappingWan, portMappingInternal, and portMappingExternal parameters, which can lead to a stack-based buffer overflow. Such an exploit allows an attacker to remotely execute code by carefully crafting input to the vulnerable parameters. As the exploit has been publicly disclosed, immediate action is advised to mitigate the risk. Users and administrators of the Tenda W15E should review their firmware versions and apply security updates as soon as they become available to protect against potential attacks.

References

https://vuldb.com/?id.261866

https://vuldb.com/?ctiid.261866

https://vuldb.com/?submit.317828

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2024