CVE-2024-0991 | Tenda i6 1.0.0.9(3857) httpd /goform/setcfm formSetCfm funcpara1 stack-based overflow

Posted by Angelo Barbosa | Jan 28, 2024 | CVE

A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classified as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow.

This vulnerability was named CVE-2024-0991. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0991 | Tenda i6 1.0.0.9(3857) httpd /goform/setcfm formSetCfm funcpara1 stack-based overflow

Related Posts

CVE-2024-25004 | KiTTY up to 0.76.1.13 username stack-based overflow (ID 177032)

CVE-2024-26578 | Apache Answer up to 1.2.1 Registration race condition

CVE-2024-4870 | Frontend Registration Plugin up to 5.1 on WordPress Privilege Escalation

CVE-2024-47971 | Solidigm D5-P5316/D7-P5520/D7-P5620 denial of service