Stack Overflow Vulnerability in Tenda AC18 by Tenda
CVE-2024-57579

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: Tenda AC18
Vendor: CVE Published:; 16 January 2025

Summary

The Tenda AC18 router, specifically version V15.03.05.19, has a vulnerability that allows for a stack overflow condition. This occurs through improper handling of the 'limitSpeedUp' parameter within the 'formSetClientState' function, potentially enabling attackers to exploit this weakness. Such vulnerabilities may allow for unauthorized access or manipulation of device functionalities, posing significant risks to network security. It is crucial for users and administrators to apply available patches and follow best practices to mitigate the risks associated with this vulnerability.

References

https://github.com/qijiale/Tenda/tree/main/6

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 9, 2025