Critical Vulnerability in Tenda A301 Could Lead to Remote Exploitation
CVE-2024-6402
9.8CRITICAL
Key Information
- Vendor
- Tenda
- Status
- A301
- Vendor
- CVE Published:
- 28 June 2024
Summary
A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269947. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected Version(s)
A301 = 15.13.08.12
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 6.5 - (MEDIUM)
VulDB entry last update
Vulnerability Reserved.
VulDB entry created
Advisory disclosed
Vulnerability published.
Collectors
NVD DatabaseMitre Database
Credit
dexter_zg (VulDB User)