CVE-2024-0535 | Tenda PA6 1.0.1.21 httpd /portmap cgiPortMapAdd groupName stack-based overflow

Posted by Angelo Barbosa | Jan 14, 2024 | CVE

A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow.

This vulnerability is known as CVE-2024-0535. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0535 | Tenda PA6 1.0.1.21 httpd /portmap cgiPortMapAdd groupName stack-based overflow

Related Posts

CVE-2023-38018 | IBM Aspera Shares 1.10.0 PL2 Password Change session fixiation (XFDB-260574)

CVE-2024-31096 | kopatheme Nictitate Plugin up to 1.1.4 on WordPress cross-site request forgery

CVE-2023-7206 | Horner Automation Cscape up to 9.90 SP10 CSP File stack-based overflow (icsa-24-011-04)

CVE-2023-45139 | fonttools prior 4.43.0 xml external entity reference (GHSA-6673-4983)