Lucene search

VulDBCVE-2024-6962

HistoryJul 22, 2024 - 12:15 a.m.

CVE-2024-6962

2024-07-2200:15:02

CWE-787

CWE-121

VulDB

web.nvd.nist.gov

vulnerability

tenda o3

buffer overflow

remote exploit

public disclosure

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

38.9%

JSON

A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272116. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

tendao3_firmware1.0.0.10\(2478\)

AND

tendao3Match2.0

VendorProductVersionCPE
tendao3_firmware1.0.0.10\(2478\)*cpe:2.3:o:tenda:o3_firmware1.0.0.10\(2478\):*:*:*:*:*:*:*:*
tendao32.0cpe:2.3:h:tenda:o3:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	o3_firmware1.0.0.10\(2478\)	*	cpe:2.3:o:tenda:o3_firmware1.0.0.10\(2478\)::::::::
tenda	o3	2.0	cpe:2.3:h:tenda:o3:2.0:::::::*

CNA Affected

[
  {
    "vendor": "Tenda",
    "product": "O3",
    "versions": [
      {
        "version": "1.0.0.10",
        "status": "affected"
      }
    ]
  }
]

References

github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formQosSet.md

vuldb.com/?ctiid.272116

vuldb.com/?id.272116

vuldb.com/?submit.374583

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

38.9%

JSON

Related for CVE-2024-6962