CVE-2024-4241

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. This vulnerability affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-262132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formQosManageDouble_user.md Broken Link
https://vuldb.com/?ctiid.262132 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.262132 Third Party Advisory VDB Entry
https://vuldb.com/?submit.319823 Third Party Advisory VDB Entry
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formQosManageDouble_user.md Broken Link
https://vuldb.com/?ctiid.262132 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.262132 Third Party Advisory VDB Entry
https://vuldb.com/?submit.319823 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:w9_firmware:1.0.0.7\(4456\):*:*:*:*:*:*:*
cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*

History

27 Jan 2025, 18:29

Type Values Removed Values Added
First Time Tenda
Tenda w9 Firmware
Tenda w9
CPE cpe:2.3:h:tenda:w9:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:w9_firmware:1.0.0.7\(4456\):*:*:*:*:*:*:*
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formQosManageDouble_user.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formQosManageDouble_user.md - Broken Link
References () https://vuldb.com/?ctiid.262132 - () https://vuldb.com/?ctiid.262132 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.262132 - () https://vuldb.com/?id.262132 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.319823 - () https://vuldb.com/?submit.319823 - Third Party Advisory, VDB Entry
CWE CWE-787

21 Nov 2024, 09:42

Type Values Removed Values Added
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formQosManageDouble_user.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formQosManageDouble_user.md -
References () https://vuldb.com/?ctiid.262132 - () https://vuldb.com/?ctiid.262132 -
References () https://vuldb.com/?id.262132 - () https://vuldb.com/?id.262132 -
References () https://vuldb.com/?submit.319823 - () https://vuldb.com/?submit.319823 -

14 May 2024, 15:43

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en Tenda W9 1.0.0.7(4456). Ha sido declarada crítica. Esta vulnerabilidad afecta a la función formQosManageDouble_auto. La manipulación del argumento ssidIndex provoca un desbordamiento de búfer en la región stack de la memoria. El ataque se puede iniciar de forma remota. El identificador de esta vulnerabilidad es VDB-262132. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

26 Apr 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-26 21:15

Updated : 2025-01-27 18:29


NVD link : CVE-2024-4241

Mitre link : CVE-2024-4241

CVE.ORG link : CVE-2024-4241


JSON object : View

Products Affected

tenda

  • w9_firmware
  • w9
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write