CVE-2024-33182

Tenda AC18 V15.03.3.10EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter...

CVE-2024-33180

CVE-2024-33180 affects Tenda AC18 (firmware 15.03.3.10_EN). A stack-based buffer overflow originates from the deviceId parameter in ip/goform/saveParentControlInfo, enabling potential arbitrary code execution or denial of service. Documented impact is high for confidentiality, integrity, and avai...

CVE-2024-33180

Tenda AC18 V15.03.3.10EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo...

CVE-2024-33181

Tenda AC18 V15.03.3.10EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter...

CVE-2024-40415

A vulnerability in /goform/SetStaticRouteCfg in the sub519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow...

CVE-2024-40415

A vulnerability in /goform/SetStaticRouteCfg in the sub519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow...

CVE-2024-40416

The CVE-2024-40416 entry affects Tenda AX1806 firmware 1.0.0.1, with a stack-based buffer overflow in /goform/SetVirtualServerCfg (sub_6320C). This can allow an attacker to potentially execute arbitrary code or cause a denial of service. The vulnerability is documented across multiple sources (CN...

CVE-2024-39556

Summary of CVE-2024-39556 : A stack-based buffer overflow vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker with CLI access to load a crafted certificate via the set security certificates command, potentially crashing the command management da...

CVE-2024-40417

A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this issue is the function formSetRebootTimer of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow...

15 vulnerabilities discovered in software development kit for wireless routers

Cisco Talos Vulnerability Research team recently discovered 15 vulnerabilities in the Realtek rtl819x Jungle software development kit used in some small and home office wireless routers. This SDK uses the discontinued, open-source Boa as its web server. Talos researchers discovered these...

CVE-2024-39880 Stack-based Buffer Overflow in Delta Electronics CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the curren...

Siemens RUGGEDCOM APE 1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2023-50330

A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability...

CVE-2023-50244

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This...

CVE-2023-50240

Two stack-based buffer overflow vulnerabilities exist in the boa setRadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these...

CVE-2023-49073

A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVE-2023-48270

A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVE-2023-48270

Realtek rtl819x Jungle SDK v3.4.11 contains a stack-based buffer overflow in boa formDnsv6. A crafted sequence of HTTP requests can lead to arbitrary code execution, with CVSSv3.1 score 7.2 (Network, Privileges Required: High, User Interaction: None, Scope: Unchanged). TALOS-2023-1876 provides a ...

CVE-2023-47856

A stack-based buffer overflow vulnerability exists in the boa setRadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVE-2023-50240

Two stack-based buffer overflow vulnerabilities exist in the boa setRadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these...