Remote Stack-Based Buffer Overflow in Tenda O1
CVE-2024-8226

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: O1 Firmware
Vendor: CVE Published:; 28 August 2024

What is CVE-2024-8226?

A critical security vulnerability exists in the Tenda O1 model, specifically within the function formSetCfm located at /goform/setcfm. This flaw stems from improper handling of the funcpara1 argument, leading to a stack-based buffer overflow. Attackers can exploit this vulnerability remotely, potentially allowing them to execute arbitrary code and compromise the system without authentication. The vulnerability has been publicly disclosed, yet Tenda has not responded to inquiries regarding remediation. Users of Tenda O1 with version 1.0.0.7(10648) are strongly advised to implement immediate security measures to mitigate risks associated with this critical flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://vuldb.com/?id.275935

https://vuldb.com/?ctiid.275935

https://vuldb.com/?submit.394009

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2024

JSON

Tenda

What is CVE-2024-8226?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.