Stack-Based Buffer Overflow Vulnerability in Tenda A301
CVE-2024-7581

9.8CRITICAL

Key Information:

Vendor
Tenda
Status
A301 Firmware
Vendor
CVE Published:
7 August 2024

Summary

A significant vulnerability has been identified in the Tenda A301 router, specifically affecting version 15.13.08.12. This flaw lies within the 'formWifiBasicSet' function of the /goform/WifiBasicSet file, where a buffer overflow occurs due to improper handling of the 'security' argument. The remote exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected device, leading to potential unauthorized access and control over the device. Despite prior disclosure attempts to the vendor, there has been no response regarding the mitigation or remediation of this critical risk, raising serious concerns about the security posture of devices running this firmware version.

References

https://vuldb.com/?id.273861
Third Party AdvisoryVDB Entry
https://vuldb.com/?ctiid.273861
Permissions RequiredVDB Entry
https://vuldb.com/?submit.382745
Third Party AdvisoryVDB Entry

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD Database
.