Stack-based Buffer Overflow Vulnerability in Tenda W9
CVE-2024-4240

8.8HIGH

Key Information:

Vendor: Tenda
Status: W9 Firmware
Vendor: CVE Published:; 26 April 2024

What is CVE-2024-4240?

A remote exploitable vulnerability has been discovered in the Tenda W9 router, specifically in the formQosManageDouble_user function. The flaw arises from improper handling of the ssidIndex argument, which can lead to a stack-based buffer overflow, allowing an attacker to execute arbitrary code. This vulnerability highlights potential security weaknesses in IoT devices, urging users to implement necessary security measures to safeguard their networks.

References

https://vuldb.com/?id.262131

https://vuldb.com/?ctiid.262131

https://vuldb.com/?submit.319822

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2024