CVE-2024-4165 | Tenda G3 15.11.0.17(9502) /goform/modifyDhcpRule bindDhcpIndex stack-based overflow

Inserito da Angelo Barbosa | Apr 25, 2024 | CVE

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Affected is the function modifyDhcpRule of the file /goform/modifyDhcpRule. The manipulation of the argument bindDhcpIndex leads to stack-based buffer overflow.

This vulnerability is traded as CVE-2024-4165. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4165 | Tenda G3 15.11.0.17(9502) /goform/modifyDhcpRule bindDhcpIndex stack-based overflow

Post correlati

CVE-2024-7813 | SourceCodester Prison Management System 1.0 Profile Image /uploadImage/Profile/ insufficiently protected credentials

CVE-2024-37090 | StylemixThemes Masterstudy Elementor Widgets on WordPress sql injection

CVE-2024-40094 | GraphQL Java up to 19.10/20.8/21.4 ExecutableNormalizedFields denial of service

CVE-2023-52441 | Linux Kernel up to 5.15.144/6.1.52/6.4/6.4.15 ksmbd init_smb2_rsp_hdr out-of-bounds