CVE-2024-4167 | Tenda 4G300 1.01.42 sub_422AA4 year/month/day/hour/minute/second stack-based overflow

Inserito da Angelo Barbosa | Apr 25, 2024 | CVE

A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow.

This vulnerability is handled as CVE-2024-4167. The attack may be launched remotely. There is no exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4167 | Tenda 4G300 1.01.42 sub_422AA4 year/month/day/hour/minute/second stack-based overflow

Post correlati

CVE-2023-36498 | TP-LINK ER7206 Omada Gigabit VPN Router 1.3.0 Build 20230322 Rel.70591 PPTP Client os command injection (TALOS-2023-1853)

CVE-2023-52093 | Trend Micro Apex One routine

CVE-2024-0646 | Linux Kernel TLS /net/tls/tls_sw.c tls_sw_sendmsg_splice out-of-bounds write

CVE-2024-7589 | FreeBSD OpenSSH race condition