CVE-2024-0995 in Tenda
Summary
by MITRE • 01/29/2024
A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 06/03/2025
This critical vulnerability in Tenda W6 router firmware version 1.0.0.9(4122) represents a stack-based buffer overflow flaw within the httpd web server component. The vulnerability specifically resides in the formwrlSSIDset function located in the /goform/wifiSSIDset file, making it accessible through the web interface. The flaw occurs when processing the index argument parameter, which allows attackers to manipulate memory allocation patterns in a way that overflows the stack buffer and potentially corrupts adjacent memory regions. This type of vulnerability falls under CWE-121 Stack-based Buffer Overflow, which is classified as a critical severity issue due to its potential for arbitrary code execution.
The remote exploitation capability of this vulnerability means that attackers can trigger the buffer overflow without physical access to the device, making it particularly dangerous for networked environments. The disclosure of a public exploit for this vulnerability (VDB-252260) significantly increases the risk level as malicious actors can readily leverage this flaw to compromise affected routers. This attack vector aligns with ATT&CK technique T1210, which involves exploiting weaknesses in remote services to gain unauthorized access. The vulnerability's impact extends beyond simple denial of service, as stack-based buffer overflows can lead to complete system compromise, allowing attackers to execute arbitrary commands with the privileges of the web server process.
The operational implications of this vulnerability are severe for any organization using affected Tenda W6 devices, as compromised routers can serve as entry points for broader network infiltration. Attackers could potentially redirect traffic, establish backdoors, or use the compromised device as a pivot point to attack other systems within the network. The lack of vendor response to early disclosure attempts exacerbates the situation, leaving users without official patches or mitigation guidance. This scenario demonstrates the critical importance of maintaining current firmware updates and implementing network segmentation to limit the potential impact of such vulnerabilities. Organizations should immediately disable unnecessary remote access to affected devices and consider implementing network monitoring to detect suspicious traffic patterns that might indicate exploitation attempts.
The vulnerability's location within the web interface component makes it particularly attractive to attackers who can leverage standard web application penetration testing tools to identify and exploit the flaw. The buffer overflow condition occurs during parameter processing, suggesting that input validation is insufficient to prevent malicious data from exceeding allocated buffer boundaries. This weakness creates a pathway for attackers to potentially overwrite return addresses or other critical stack variables, leading to arbitrary code execution. The combination of remote exploitability, public disclosure, and vendor inaction creates an urgent security risk that requires immediate attention from network administrators and security teams responsible for protecting enterprise networks.