Stack-based Buffer Overflow in ZTE Router HTTPD Binary

CVE-2024-45415

What is CVE-2024-45415?

The HTTPD binary in multiple ZTE routers is impacted by a stack-based buffer overflow in the check_data_integrity function. This function is designed to validate the checksum of data within post requests. However, it improperly decrypts and stores the checksum on the stack without sufficient validation, allowing an unauthenticated attacker to exploit this flaw and gain remote code execution as root. This vulnerability poses a significant risk as it can potentially compromise the security of the affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References