CVE-2024-0991 | Tenda i6 1.0.0.9(3857) httpd /goform/setcfm formSetCfm funcpara1 stack-based overflow

Posted by Angelo Barbosa | Jan 28, 2024 | CVE

A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classified as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow.

This vulnerability was named CVE-2024-0991. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0991 | Tenda i6 1.0.0.9(3857) httpd /goform/setcfm formSetCfm funcpara1 stack-based overflow

Related Posts

CVE-2023-30308 | Ruijie EG210G-P/EG105G-V2/NBR/EG105G TCP denial of service

CVE-2024-41570 | Havoc 0.7 server-side request forgery

CVE-2024-32354 | Totolink X5000R 9.1.0cu.2350_B20230313 /cgi-bin/cstecgi.cgi setSSServer timeout command injection

CVE-2024-35720 | A WP Life Album Gallery Plugin up to 1.5.7 on WordPress authorization