Stack Overflow Vulnerability in Tenda O6 V3.0 Firmware
CVE-2024-46049

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: O6 Firmware
Vendor: CVE Published:; 13 September 2024

Summary

The Tenda O6 V3.0 firmware version V1.0.0.7(2054) is affected by a stack overflow vulnerability located in the formexeCommand function. This security flaw arises due to improper handling of input parameters, which may allow an attacker to exploit the system. Successful exploitation could potentially lead to unauthorized access, data breaches, or a complete system compromise, posing significant risks to the integrity and confidentiality of the affected devices.

References

https://github.com/BenJpopo/V/blob/main/Tenda/O6/formexeC...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2024
Vulnerability Reserved
Sep 11, 2024

Collectors

NVD DatabaseMitre Database