Stack-Based Buffer Overflow in Tenda A301 Product Line
CVE-2024-4291

8.8HIGH

Key Information:

Vendor: Tenda
Status: A301
Vendor: CVE Published:; 27 April 2024

Badges

👾 Exploit Exists

What is CVE-2024-4291?

A critical vulnerability affecting the Tenda A301 product line has been identified, which allows remote attackers to exploit a stack-based buffer overflow when manipulating the 'deviceList' parameter in the 'formAddMacfilterRule' function within the '/goform/setBlackRule' file. This flaw may lead to unauthorized access and potential control over the device. The flaw has been publicly disclosed, indicating a significant risk for users of the affected version (15.13.08.12_multi_TDE01). Although the vendor was alerted prior to the public disclosure, no response has been recorded, leaving users vulnerable to potential exploitation.

Affected Version(s)

A301 15.13.08.12_multi_TDE01

References

https://vuldb.com/?id.262223

vdb-entrytechnical-description

https://vuldb.com/?ctiid.262223

signaturepermissions-required

https://vuldb.com/?submit.320672

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Apr 27, 2024
Vulnerability published
Apr 27, 2024
Vulnerability Reserved
Apr 27, 2024

Credit

L1ziang (VulDB User)

JSON