THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-6143

Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability

Assigner:zdi
Reserved:2024-06-18
Published:2024-06-18
Updated:2024-06-18

Description

Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21414.



HIGH: 8.8CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status
unknown

1.2L.03.5
affected

References

https://www.zerodayinitiative.com/advisories/ZDI-24-806/ (ZDI-24-806)

cve.org CVE-2024-6143

nvd.nist.gov CVE-2024-6143

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-6143
Find us on
Data Privacy
Terms of Use
Logo Silicon Valley Europe
Logo BSI Allianz für Cyber-Sicherheit