Stack-based Buffer Overflow Vulnerability in Tenda W9 WiFi Router
CVE-2024-4243

8.8HIGH

Key Information:

Vendor: Tenda
Status: W9 Firmware
Vendor: CVE Published:; 26 April 2024

Summary

The Tenda W9 WiFi router version 1.0.0.7 contains a stack-based buffer overflow vulnerability in the formwrlSSIDset function, located in the /goform/wifiSSIDset file. By manipulating the ssidIndex argument, an attacker can exploit this vulnerability remotely, allowing unauthorized access to critical system resources. This vulnerability has been publicly disclosed, increasing the risk of potential exploitation. The vendor, Tenda, has been notified about this issue, but there has been no response or acknowledgment. Users are strongly advised to take immediate action to safeguard their systems until a patch can be provided.

References

https://vuldb.com/?id.262134

https://vuldb.com/?ctiid.262134

https://vuldb.com/?submit.319825

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 26, 2024