CVE-2024-6963

A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:o3_firmware1.0.0.10\(2478\):*:*:*:*:*:*:*:*
cpe:2.3:h:tenda:o3:2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 09:50

Type Values Removed Values Added
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md - Exploit () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md - Exploit
References () https://vuldb.com/?ctiid.272117 - Permissions Required () https://vuldb.com/?ctiid.272117 - Permissions Required
References () https://vuldb.com/?id.272117 - Third Party Advisory, VDB Entry () https://vuldb.com/?id.272117 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.374584 - Third Party Advisory, VDB Entry () https://vuldb.com/?submit.374584 - Third Party Advisory, VDB Entry

25 Jul 2024, 15:47

Type Values Removed Values Added
First Time Tenda
Tenda o3 Firmware1.0.0.10\(2478\)
Tenda o3
CPE cpe:2.3:o:tenda:o3_firmware1.0.0.10\(2478\):*:*:*:*:*:*:*:*
cpe:2.3:h:tenda:o3:2.0:*:*:*:*:*:*:*
CWE CWE-787
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md - Exploit
References () https://vuldb.com/?ctiid.272117 - () https://vuldb.com/?ctiid.272117 - Permissions Required
References () https://vuldb.com/?id.272117 - () https://vuldb.com/?id.272117 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.374584 - () https://vuldb.com/?submit.374584 - Third Party Advisory, VDB Entry

22 Jul 2024, 13:00

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en Tenda O3 1.0.0.10 y clasificada como crítica. Este problema afecta la función formexeCommand. La manipulación del argumento cmdinput provoca un desbordamiento de búfer en la región stack de la memoria. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-272117. NOTA: Se contactó al proveedor tempranamente sobre esta divulgación, pero no respondió de ninguna manera.

22 Jul 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-22 00:15

Updated : 2024-11-21 09:50


NVD link : CVE-2024-6963

Mitre link : CVE-2024-6963

CVE.ORG link : CVE-2024-6963


JSON object : View

Products Affected

tenda

  • o3
  • o3_firmware1.0.0.10\(2478\)
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write