Stack-based Buffer Overflow in ZTE Router HTTPD Binary
CVE-2024-45415
Currently unrated
What is CVE-2024-45415?
The HTTPD binary in multiple ZTE routers is affected by a stack-based buffer overflow in the check_data_integrity function. This function is designed to validate the checksum of data within POST requests. However, it decrypts the checksum and stores it on the stack without sufficient validation, allowing an unauthenticated attacker to exploit the flaw and gain remote code execution as root. The vulnerability poses a significant risk, as it can compromise the security of the affected systems.
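The following is an added example, not code from the ZTE firmware or from this advisory: a checksum check that validates the length of the request-supplied field before anything is written to a fixed-size stack buffer. The function names, the 32-byte checksum size and the hex encoding are assumptions; hex decoding stands in for the decryption step, whose algorithm the page does not describe.

```c
#include <stddef.h>
#include <stdint.h>

#define DIGEST_LEN 32  /* assumed checksum size; the page does not state it */

/* Convert one hex character to its value, or -1 if it is not hex. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode a request-supplied hex checksum into a caller-provided buffer.
 * The length is validated BEFORE any byte is written, so the output can
 * never exceed out_len. Returns 0 on success, -1 on malformed input.
 */
static int decode_checksum(const char *field, size_t field_len,
                           uint8_t *out, size_t out_len)
{
    if (field == NULL || field_len != out_len * 2)
        return -1;                       /* reject missing, short or long */
    for (size_t i = 0; i < out_len; i++) {
        int hi = hex_val(field[2 * i]);
        int lo = hex_val(field[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;                   /* reject non-hex characters */
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/*
 * Hypothetical integrity check: compare the request's checksum field with
 * the digest the server computed over the body. Returns 1 on a match.
 */
int check_integrity(const char *field, size_t field_len,
                    const uint8_t expected[DIGEST_LEN])
{
    uint8_t received[DIGEST_LEN];        /* fixed-size stack buffer */
    uint8_t diff = 0;

    if (decode_checksum(field, field_len, received, sizeof received) != 0)
        return 0;                        /* malformed field: fail closed */
    for (size_t i = 0; i < DIGEST_LEN; i++)
        diff |= received[i] ^ expected[i];   /* constant-time compare */
    return diff == 0;
}
```

The decoder takes the destination size as a parameter and refuses any field whose length does not match it, so an oversized checksum is rejected rather than truncated or copied.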