Stack-based Buffer Overflow in Tenda W15E Product
CVE-2024-4124

8.8HIGH

Key Information:

Vendor: Tenda
Status: W15e Firmware
Vendor: CVE Published:; 24 April 2024

What is CVE-2024-4124?

A serious stack-based buffer overflow vulnerability has been identified in the Tenda W15E router, specifically affecting the formSetRemoteWebManage function within the /goform/SetRemoteWebManage endpoint. This issue arises from improper handling of the 'remoteIP' argument, which can be exploited by remote attackers to execute arbitrary code. Given that the vendor has not responded to disclosures regarding this vulnerability, users are urged to take immediate precautions, including implementing security best practices and monitoring for any unusual activity.

References

https://vuldb.com/?id.261867

https://vuldb.com/?ctiid.261867

https://vuldb.com/?submit.317829

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2024