Stack-Based Buffer Overflow in ZTE Routers' HTTPD Binary
CVE-2024-45413

Currently unrated

Key Information:

Vendor: ZTE

CVE Published: 16 September 2024

What is CVE-2024-45413?

A vulnerability exists within the HTTPD binary of several ZTE router models, specifically linked to the rsa_decrypt function. This function acts as an API wrapper facilitating the decryption of RSA-encrypted data. However, due to a flaw in handling input length, the decrypted data is improperly managed on the stack, allowing an authenticated attacker to execute arbitrary code with root privileges. This vulnerability emphasizes the importance of rigorous validation in cryptographic functions to avert exploitation risks.
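
The bug class described above, sketched as an added example (not ZTE's code and not taken from the advisory): a decryption wrapper whose stack buffer is smaller than the largest plaintext the primitive can return, next to a length-checked form. The function names, the buffer sizes and the copy-only toy_private_decrypt stand-in are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MODULUS_BYTES 256 /* assumed RSA-2048: plaintext may be up to this long */
#define FIELD_BYTES    64 /* assumed size of the field the caller expects */

/* Hypothetical stand-in for an RSA primitive that takes no output capacity:
 * it writes up to MODULUS_BYTES into `to` and returns the plaintext length.
 * "Decryption" is a plain copy so the sketch runs without a crypto library. */
static int toy_private_decrypt(const unsigned char *from, size_t flen,
                               unsigned char *to)
{
    if (flen == 0 || flen > MODULUS_BYTES) return -1;
    memcpy(to, from, flen);
    return (int)flen;
}

/* Unsafe pattern (never called here): the sender controls the plaintext
 * length, so anything over FIELD_BYTES runs past `field` on the stack. */
int rsa_decrypt_unchecked(const unsigned char *ct, size_t ct_len)
{
    unsigned char field[FIELD_BYTES];
    return toy_private_decrypt(ct, ct_len, field);
}

/* Hardened form: decrypt into a worst-case scratch buffer, then copy out
 * only after checking the length against the caller's capacity. */
int rsa_decrypt_checked(const unsigned char *ct, size_t ct_len,
                        unsigned char *out, size_t out_cap)
{
    unsigned char scratch[MODULUS_BYTES];
    int n, rc = -1;
    if (ct == NULL || out == NULL) return -1;
    n = toy_private_decrypt(ct, ct_len, scratch);
    if (n > 0 && (size_t)n <= out_cap) { memcpy(out, scratch, (size_t)n); rc = n; }
    memset(scratch, 0, sizeof scratch); /* a real build would use a non-elidable wipe */
    return rc;
}

/* Constructed inputs: decrypt `len` bytes of 'A' into a FIELD_BYTES field. */
int demo(size_t len)
{
    unsigned char ct[MODULUS_BYTES], field[FIELD_BYTES];
    if (len > sizeof ct) return -1;
    memset(ct, 'A', sizeof ct);
    return rsa_decrypt_checked(ct, len, field, sizeof field);
}
```

The checked wrapper rejects any plaintext longer than the destination instead of truncating it, so an oversized request fails closed.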

Timeline

  • Vulnerability published