Stack-based Buffer Overflow in Tenda W15E Router
CVE-2024-4125

8.8HIGH

Key Information:

Vendor: Tenda
Status: W15e Firmware
Vendor: CVE Published:; 24 April 2024

What is CVE-2024-4125?

A significant security flaw has been discovered in the Tenda W15E router, specifically within the formSetStaticRoute function located in the /goform/setStaticRoute file. This vulnerability is characterized by a stack-based buffer overflow triggered by improper handling of the 'staticRouteIndex' argument. Attackers can exploit this vulnerability remotely, potentially leading to unauthorized access and control over the affected device. Despite efforts to inform the vendor about the issue, there has been no response, raising concerns about the patching and mitigation of this critical security risk.

References

https://vuldb.com/?id.261868

https://vuldb.com/?ctiid.261868

https://vuldb.com/?submit.317830

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2024