CVE-2024-4122

🗓️ 24 Apr 2024 18:00:08Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 43 Views🌐 WEB

Critical stack-based buffer overflow vulnerability in Tenda W15E 15.11.0.14

Reporter	Title	Published	Views	Family All 8
CNNVD	Tenda W15E 安全漏洞	24 Apr 202400:00	–	cnnvd
CNVD	Shenzhen Jixiang Tengda Technology Co., Ltd W15E formSetDebugCfg method buffer overflow vulnerability	28 Apr 202400:00	–	cnvd
Cvelist	CVE-2024-4122 Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow	24 Apr 202418:00	–	cvelist
EUVD	EUVD-2024-32683	3 Oct 202520:07	–	euvd
NVD	CVE-2024-4122	24 Apr 202418:15	–	nvd
Positive Technologies	PT-2024-3220 · Tenda · Tenda W15E	17 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-4122	5 Feb 202500:09	–	redhatcve
Vulnrichment	CVE-2024-4122 Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow	24 Apr 202418:00	–	vulnrichment

NVD

Vulners

Node

tenda w15e_firmwareMatch15.11.0.14

AND

tenda w15eMatch-

[
  {
    "vendor": "Tenda",
    "product": "W15E",
    "versions": [
      {
        "version": "15.11.0.14",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetDebugCfg.md
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
enable	request body	/goform/setDebugCfg	Stack-based buffer overflow in formSetDebugCfg via manipulation of enable/level/module	CWE-787, CWE-121
level	request body	/goform/setDebugCfg	Stack-based buffer overflow in formSetDebugCfg via manipulation of enable/level/module	CWE-787, CWE-121
module	request body	/goform/setDebugCfg	Stack-based buffer overflow in formSetDebugCfg via manipulation of enable/level/module	CWE-787, CWE-121

15 Jan 2025 18:43Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.18.8

CVSS 29

CVSS 38.8

EPSS0.00136

SSVC