Tenda W9 1.0.0.7(4456) httpd formQosManage_user ssidIndex minneskorruption

InträdeHistoryjsonxmlCTI

En kritisksvag punkt hittades i Tenda W9 1.0.0.7(4456). Som påverkar funktionen formQosManage_user av komponenten httpd. Manipulering av argumenten ssidIndex en okänd ingång leder till en sårbarhet klass minneskorruption svag punkt. Den rådgivande finns tillgänglig för nedladdning på github.com. Denna svaga punkt är känd som CVE-2024-0539. Attacken på nätet kan. Det finns tekniska detaljer känd. Han deklarerade proof-of-concept. Den exploit kan laddas ner från github.com. En möjlig åtgärd har utfärdats före och inte efter offentliggörandet.

Fält	14/01/2024 18:27	03/02/2024 09:30
vendor	Tenda	Tenda
name	W9	W9
version	1.0.0.7(4456)	1.0.0.7(4456)
component	httpd	httpd
function	formQosManage_user	formQosManage_user
argument	ssidIndex	ssidIndex
cwe	121 (minneskorruption)	121 (minneskorruption)
risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	H	H
cvss3_vuldb_i	H	H
cvss3_vuldb_a	H	H
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
url	https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md	https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md
availability	1	1
publicity	1	1
url	https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md	https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md
cve	CVE-2024-0539	CVE-2024-0539
responsible	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
date	1705186800 (14/01/2024)	1705186800 (14/01/2024)
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	C	C
cvss2_vuldb_ii	C	C
cvss2_vuldb_ai	C	C
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss2_vuldb_au	S	S
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_rl	X	X
cvss2_vuldb_basescore	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0
cvss3_meta_basescore	8.8	9.1
cvss3_meta_tempscore	8.0	8.9
price_0day	$0-$5k	$0-$5k
cve_assigned		1705186800 (14/01/2024)
cve_nvd_summary		A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
cvss3_nvd_av		N
cvss3_nvd_ac		L
cvss3_nvd_pr		N
cvss3_nvd_ui		N
cvss3_nvd_s		U
cvss3_nvd_c		H
cvss3_nvd_i		H
cvss3_nvd_a		H
cvss2_nvd_av		N
cvss2_nvd_ac		L
cvss2_nvd_au		S
cvss2_nvd_ci		C
cvss2_nvd_ii		C
cvss2_nvd_ai		C
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		H
cvss3_cna_i		H
cvss3_cna_a		H
cve_cna		VulDB
cvss2_nvd_basescore		9.0
cvss3_nvd_basescore		9.8
cvss3_cna_basescore		8.8

◂ Tidigare Översikt Nästa ▸

Interested in the pricing of exploits?

See the underground prices here!