Stack-based Buffer Overflow in Tenda O3 Device
CVE-2024-6963

8.8HIGH

Key Information:

Vendor: Tenda
Status: O3 Firmware1.0.0.10\(2478\)
Vendor: CVE Published:; 22 July 2024

Summary

A critical vulnerability has been identified in the Tenda O3 with version 1.0.0.10, wherein the function formexeCommand is susceptible to a stack-based buffer overflow due to improper handling of the cmdinput argument. This critical flaw permits an attacker to execute arbitrary code remotely, potentially compromising the device's integrity and security, making it imperative for users to secure their devices promptly. Despite early notifications, the vendor did not respond regarding the disclosure of this vulnerability, raising concerns about timely security updates in the future. For more detailed insights and indicators, visit the related references.

References

https://vuldb.com/?id.272117

https://vuldb.com/?ctiid.272117

https://vuldb.com/?submit.374584

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 22, 2024

Collectors

NVD Database