Remote Stack-Based Buffer Overflow in Tenda O1
CVE-2024-8226

9.8 CRITICAL

Key Information:

Vendor: Tenda
CVE Published: 28 August 2024

Summary

A critical security vulnerability exists in the Tenda O1 model, specifically within the function formSetCfm located at /goform/setcfm. This flaw stems from improper handling of the funcpara1 argument, leading to a stack-based buffer overflow. Attackers can exploit this vulnerability remotely, potentially allowing them to execute arbitrary code and compromise the system without authentication. The vulnerability has been publicly disclosed, yet Tenda has not responded to inquiries regarding remediation. Users of Tenda O1 with version 1.0.0.7(10648) are strongly advised to implement immediate security measures to mitigate risks associated with this critical flaw.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published