CVE-2024-0994 | Tenda W6 1.0.0.9(4122) httpd /goform/setcfm formSetCfm funcpara1 stack-based overflow

Posted by Angelo Barbosa | Jan 28, 2024 | CVE

A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been declared as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow.

This vulnerability is known as CVE-2024-0994. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0994 | Tenda W6 1.0.0.9(4122) httpd /goform/setcfm formSetCfm funcpara1 stack-based overflow

Related Posts

CVE-2024-36934 | Linux Kernel up to 6.8.9 bna memdup_user_nul null termination

CVE-2023-45873 | Couchbase Server up to 7.2.2 denial of service

CVE-2024-7832 | D-Link DNS-1550-04 up to 20240814 photocenter_mgr.cgi cgi_get_fullscreen_photos user buffer overflow

CVE-2024-2135 | Bdtask Hospita AutoManager up to 20240223 Hospital Activities Page form Description cross site scripting