Lucene search

VulDBCVE-2024-7584

HistoryAug 07, 2024 - 5:15 p.m.

CVE-2024-7584

2024-08-0717:15:52

CWE-120

VulDB

web.nvd.nist.gov

tenda i22

buffer overflow

remote attack

vulnerability

disclosure

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected configurations

Nvd

Node

tendai22_firmwareMatch1.0.0.3\(4687\)

AND

tendai22Match-

VendorProductVersionCPE
tendai22_firmware1.0.0.3(4687)cpe:2.3:o:tenda:i22_firmware:1.0.0.3\(4687\):*:*:*:*:*:*:*
tendai22-cpe:2.3:h:tenda:i22:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tenda	i22_firmware	1.0.0.3(4687)	cpe:2.3:o:tenda:i22_firmware:1.0.0.3\(4687\):::::::*
tenda	i22	-	cpe:2.3:h:tenda:i22:-:::::::*

CNA Affected

[
  {
    "vendor": "Tenda",
    "product": "i22",
    "versions": [
      {
        "version": "1.0.0.3(4687)",
        "status": "affected"
      }
    ]
  }
]

References

github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalPhoneAuth

vuldb.com/?ctiid.273864

vuldb.com/?id.273864

vuldb.com/?submit.382836

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

Related for CVE-2024-7584