Stack Overflow Vulnerability in Tenda W18E Web Management Portal
CVE-2024-46435

8HIGH

Key Information:

Vendor: Tenda
Status: W18E
Vendor: CVE Published:; 10 February 2025

Summary

A stack overflow vulnerability exists in the web management portal of the Tenda W18E, specifically in the delFacebookPic function. This flaw allows an authenticated remote attacker to exploit improper input validation, potentially leading to a denial of service or even the execution of arbitrary code. It is crucial for users to patch this vulnerability to safeguard their systems against unauthorized access and operational disruptions.

References

https://reddassolutions.com/blog/tenda_w18e_security_rese...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2025
Vulnerability Reserved
Sep 11, 2024