CVE-2024-0994 | Tenda W6 1.0.0.9(4122) httpd /goform/setcfm formSetCfm funcpara1 stack-based overflow

Inserito da Angelo Barbosa | Gen 28, 2024 | CVE

A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been declared as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow.

This vulnerability is known as CVE-2024-0994. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0994 | Tenda W6 1.0.0.9(4122) httpd /goform/setcfm formSetCfm funcpara1 stack-based overflow

Post correlati

CVE-2024-39922 | Siemens LOGO! 12 Embedded Storage IC credentials storage (ssa-921449)

CVE-2022-48830 | Linux Kernel up to 5.10.100/5.15.23/5.16.9 CAN isotp_rcv state issue

CVE-2024-43984 | Podlove Podcast Publisher Plugin up to 4.1.13 on WordPress cross-site request forgery

CVE-2024-10456 | Delta Electronics InfraSuite Device Master up to 1.0.12 deserialization (icsa-24-303-03)