CVE-2024-11061

A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-FUN_0044db3c-stack-overflow-13a0448e619580ae96fee2899545e159 Exploit Third Party Advisory
https://vuldb.com/?ctiid.283807 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.283807 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?submit.440825 Exploit Third Party Advisory VDB Entry
https://www.tenda.com.cn/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*

History

13 Nov 2024, 23:04

Type Values Removed Values Added
First Time Tenda
Tenda ac10 Firmware
Tenda ac10
References () https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-FUN_0044db3c-stack-overflow-13a0448e619580ae96fee2899545e159 - () https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-FUN_0044db3c-stack-overflow-13a0448e619580ae96fee2899545e159 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.283807 - () https://vuldb.com/?ctiid.283807 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.283807 - () https://vuldb.com/?id.283807 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.440825 - () https://vuldb.com/?submit.440825 - Exploit, Third Party Advisory, VDB Entry
References () https://www.tenda.com.cn/ - () https://www.tenda.com.cn/ - Product
CPE cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*

12 Nov 2024, 13:55

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en Tenda AC10 16.03.10.13. La función FUN_0044db3c del archivo /goform/fast_setting_wifi_set se ve afectada por esta vulnerabilidad. La manipulación del argumento timeZone provoca un desbordamiento del búfer basado en la pila. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.

11 Nov 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-11 01:15

Updated : 2024-11-13 23:04


NVD link : CVE-2024-11061

Mitre link : CVE-2024-11061

CVE.ORG link : CVE-2024-11061


JSON object : View

Products Affected

tenda

  • ac10
  • ac10_firmware
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-121

Stack-based Buffer Overflow