CVE-2024-4236

High

A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function…

VulDB·CWE-121·Published 2024-04-26

CVSS

8.8

EPSS

0.15

KEV

Exploits

cve.orgde

426 chars

Eine Schwachstelle wurde in Tenda AX1803 1.0.0.1 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion formSetSysToolDDNS der Datei /goform/SetDDNSCfg. Durch Manipulieren des Arguments serverName/ddnsUser/ddnsPwd/ddnsDomain mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

cve.orgen

537 chars

A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

NVDen

537 chars

NVDes

584 chars

Una vulnerabilidad fue encontrada en Tenda AX1803 1.0.0.1 y clasificada como crítica. Este problema afecta a la función formSetSysToolDDNS del archivo /goform/SetDDNSCfg. La manipulación del argumento serverName/ddnsUser/ddnsPwd/ddnsDomain provoca un desbordamiento de búfer en la región stack de la memoria. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-262127. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	cve.org	9.0	—	—	AV:N/AC:L/Au:S/C:C/I:C/A:C
2.0	Primary	cve.org	9.0	—	—	AV:N/AC:L/Au:S/C:C/I:C/A:C
2.0	Secondary	NVD	9.0	8.0	10.0	AV:N/AC:L/Au:S/C:C/I:C/A:C
3.0	Primary	cve.org	8.8	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.0	Primary	cve.org	8.8	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H