Buffer Overflow Vulnerability in Tenda O3 Devices
CVE-2024-6962

8.8HIGH

Key Information:

Vendor: Tenda
Status: O3 Firmware1.0.0.10\(2478\)
Vendor: CVE Published:; 22 July 2024

What is CVE-2024-6962?

A serious buffer overflow vulnerability exists in the Tenda O3 device version 1.0.0.10 that could allow remote attackers to manipulate input parameters within the formQosSet function. This stack-based buffer overflow can be triggered through crafted requests, potentially allowing attackers to execute arbitrary code or disrupt device functionality. As the exploit is publicly disclosed, immediate attention and mitigation are recommended for affected users, as the vendor has not yet provided an update or patch for this issue.

References

https://vuldb.com/?id.272116

https://vuldb.com/?ctiid.272116

https://vuldb.com/?submit.374583

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2024