We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-0991

Tenda i6 httpd setcfm formSetCfm stack-based overflow



AssignerVulDB
Reserved2024-01-28
Published2024-01-29
Updated2024-10-18

Description

EN DE

A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classified as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

In Tenda i6 1.0.0.9(3857) wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion formSetCfm der Datei /goform/setcfm der Komponente httpd. Durch Manipulation des Arguments funcpara1 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.



HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
HIGH: 7.2CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.3CVSS:2.0/AV:N/AC:L/Au:M/C:C/I:C/A:C

Product status

1.0.0.9(3857)
affected

Timeline

2024-01-28:Advisory disclosed
2024-01-28:VulDB entry created
2024-01-28:VulDB entry last update

Credits

jylsec (VulDB User) reporter

References

https://vuldb.com/?id.252256 vdb-entry technical-description

https://vuldb.com/?ctiid.252256 signature permissions-required

https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-9c9952ba7216422c8188e75c94bb531a?pvs=4 exploit

cve.org CVE-2024-0991

nvd.nist.gov CVE-2024-0991

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-0991
Subscribe to our newsletter to learn more about our work.