CVE-2024-10698 - A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issu

CVE-2024-10698

Summary

A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

References

https://vuldb.com/?id.282866
https://vuldb.com/?ctiid.282866
https://vuldb.com/?submit.434935
https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_stackflow_formSetDeviceName/tenda_ac6_stackflow_formSetDeviceName.md
https://www.tenda.com.cn/

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-121

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

02-11-2024 - 14:15

Published

02-11-2024 - 14:15

Last modified

02-11-2024 - 14:15