Stack-Based Buffer Overflow in Tenda W9 Router
CVE-2024-4242

8.8HIGH

Key Information:

Vendor: Tenda
Status: W9 Firmware
Vendor: CVE Published:; 26 April 2024

What is CVE-2024-4242?

A serious vulnerability has been identified in the Tenda W9 router, specifically in the function formwrlSSIDget within the file /goform/wifiSSIDget. This vulnerability arises from improper handling of the ssidIndex argument, leading to a stack-based buffer overflow. Remote attackers could exploit this weakness to execute arbitrary code on the device, potentially compromising the network. The exploit was publicly disclosed, indicating that it may be actively targeted by cybercriminals. Users of affected Tenda W9 routers are advised to apply security measures and stay informed about any patches or updates from Tenda.

References

https://vuldb.com/?id.262133

https://vuldb.com/?ctiid.262133

https://vuldb.com/?submit.319824

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2024