Stack-Based Buffer Overflow in ZTE Routers' HTTPD Binary
CVE-2024-45413
Currently unrated
What is CVE-2024-45413?
A vulnerability exists in the HTTPD binary of several ZTE router models, in the rsa_decrypt function. This function is an API wrapper that decrypts RSA-encrypted data. Because it does not handle the input length correctly, the decrypted data is improperly managed on the stack, which allows an authenticated attacker to execute arbitrary code with root privileges. The flaw underlines the importance of rigorous validation in cryptographic functions to avert exploitation risks.
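The length handling a decryption wrapper of this kind needs is sketched below as an added example. It is not ZTE's code and not taken from the advisory. The names `rsa_decrypt_checked`, `demo_private_decrypt` and `demo`, the 2048-bit key size and the stand-in "decryption" are all assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define RSA_MODULUS_BYTES 256   /* assumption: 2048-bit key */

/* Constructed stand-in for the RSA primitive (NOT real RSA): ct[0] is the
 * plaintext length, ct[1..] the plaintext. Like a real private-key
 * operation, it can emit up to nearly one modulus worth of bytes. */
static int demo_private_decrypt(const unsigned char *ct, unsigned char *pt)
{
    size_t n = ct[0];           /* 0..255, always < RSA_MODULUS_BYTES */
    memcpy(pt, ct + 1, n);
    return (int)n;
}

/* Hypothetical hardened wrapper. The unsafe pattern decrypts straight into
 * a small fixed stack buffer, or copies the result out without comparing
 * its length against the destination's capacity. */
int rsa_decrypt_checked(const unsigned char *ct, size_t ct_len,
                        unsigned char *out, size_t out_cap, size_t *out_len)
{
    unsigned char scratch[RSA_MODULUS_BYTES]; /* sized to the maximum output */
    int n;

    if (ct == NULL || out == NULL || out_len == NULL)
        return -1;
    if (ct_len != RSA_MODULUS_BYTES)          /* ciphertext must be one block */
        return -1;

    n = demo_private_decrypt(ct, scratch);
    if (n < 0 || (size_t)n > out_cap)         /* result must fit the caller */
        return -1;

    memcpy(out, scratch, (size_t)n);
    *out_len = (size_t)n;
    return 0;
}

/* Constructed driver: returns the plaintext length on success, -1 on reject. */
int demo(size_t plain_len, size_t ct_len, size_t out_cap)
{
    unsigned char ct[RSA_MODULUS_BYTES] = {0}, out[RSA_MODULUS_BYTES];
    size_t n = 0;
    ct[0] = (unsigned char)plain_len;
    memset(ct + 1, 'A', plain_len < RSA_MODULUS_BYTES ? plain_len : 0);
    if (rsa_decrypt_checked(ct, ct_len, out, out_cap, &n) != 0)
        return -1;
    return (int)n;
}
```

The wrapper rejects a ciphertext that is not exactly one modulus long and refuses to copy a plaintext larger than the capacity the caller declared, so the destination size is enforced in one place rather than assumed at each call site.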