CVE-2024-10351

A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md Permissions Required
https://vuldb.com/?ctiid.281699 Permissions Required VDB Entry
https://vuldb.com/?id.281699 Third Party Advisory VDB Entry
https://vuldb.com/?submit.427706 Third Party Advisory VDB Entry
https://www.tenda.com.cn/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*
cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*

History

01 Nov 2024, 16:15

Type Values Removed Values Added
CPE cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*
CWE CWE-787
First Time Tenda
Tenda rx9 Pro
Tenda rx9 Pro Firmware
References () https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md - () https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md - Permissions Required
References () https://vuldb.com/?ctiid.281699 - () https://vuldb.com/?ctiid.281699 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.281699 - () https://vuldb.com/?id.281699 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.427706 - () https://vuldb.com/?submit.427706 - Third Party Advisory, VDB Entry
References () https://www.tenda.com.cn/ - () https://www.tenda.com.cn/ - Product

25 Oct 2024, 12:56

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en Tenda RX9 Pro 22.03.02.20. Se ha calificado como crítica. Este problema afecta a la función sub_424CE0 del archivo /goform/setMacFilterCfg del componente POST Request Handler. La manipulación del argumento deviceList provoca un desbordamiento del búfer basado en la pila. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse.

25 Oct 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-25 00:15

Updated : 2024-11-01 16:15


NVD link : CVE-2024-10351

Mitre link : CVE-2024-10351

CVE.ORG link : CVE-2024-10351


JSON object : View

Products Affected

tenda

  • rx9_pro
  • rx9_pro_firmware
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow