Stack-Based Buffer Overflow in Tenda AX1806 Devices
CVE-2024-4239

8.8HIGH

Key Information:

Vendor: Tenda
Status: Ax1806 Firmware
Vendor: CVE Published:; 26 April 2024

Summary

The Tenda AX1806 model 1.0.0.1 exhibits a critical vulnerability linked to a stack-based buffer overflow in the function formSetRebootTimer, located in the /goform/SetRebootTimer file. This flaw allows an attacker to manipulate the rebootTime argument, which can lead to remote code execution. Since the vulnerability has been publicly disclosed, it is crucial for users of the affected devices to implement necessary security measures. Notably, Tenda's lack of response to early disclosure attempts raises concerns about the company's commitment to user security.

References

https://vuldb.com/?id.262130

https://vuldb.com/?ctiid.262130

https://vuldb.com/?submit.319235

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 26, 2024