CVE-2024-0995
published 2024-01-29CVE-2024-0995: A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.66%
73.7th percentile
A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenda | w6 | — | — |
| tenda | w6_firmware | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.08.3HIGHAV:N/AC:L/Au:M/C:C/I:C/A:C
osv7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-xilinx-zynqmp vulnerabilities
osv·2025-05-02·CVSS 7.8
CVE-2022-0995 linux-xilinx-zynqmp vulnerabilities
linux-xilinx-zynqmp vulnerabilities
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- iSCSI Boot Firmware Table Attributes driver;
- GPU drivers;
- Network drivers;
- File systems infrastructure;
- NTFS3 file system;
- SMB network file system;
- Network namespace;
- Ethernet bridge;
- Networking core;
- Ethtool driver;
- IPv6 networking;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-50
OSV
linux-aws-5.15 vulnerabilities
osv·2025-04-29·CVSS 7.8
CVE-2022-0995 linux-aws-5.15 vulnerabilities
linux-aws-5.15 vulnerabilities
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- iSCSI Boot Firmware Table Attributes driver;
- Network drivers;
- File systems infrastructure;
- NTFS3 file system;
- Ethernet bridge;
- Ethtool driver;
- IPv6 networking;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-26837, CVE-2025-21993, CVE-2025-21702, CVE-2024-50248,
CVE-2024-46826, CVE-2024-50256, CV
OSV
linux-oracle-5.15 vulnerabilities
osv·2025-04-25·CVSS 7.8
CVE-2022-0995 linux-oracle-5.15 vulnerabilities
linux-oracle-5.15 vulnerabilities
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- File systems infrastructure;
- NTFS3 file system;
- Ethernet bridge;
- Ethtool driver;
- IPv6 networking;
- Network traffic control;
- VMware vSockets driver;
(CVE-2025-21993, CVE-2025-21703, CVE-2024-50248, CVE-2025-21700,
CVE-2024-50256, CVE-2025-21701, CVE-2024-56651, CVE-2025-21756,
CVE-2024-26837
OSV
linux-intel-iot-realtime, linux-realtime vulnerabilities
osv·2025-04-24·CVSS 7.8
CVE-2022-0995 linux-intel-iot-realtime, linux-realtime vulnerabilities
linux-intel-iot-realtime, linux-realtime vulnerabilities
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- File systems infrastructure;
- NTFS3 file system;
- Ethernet bridge;
- Ethtool driver;
- IPv6 networking;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-56651, CVE-2025-21756, CVE-2024-26837, CVE-2025-21700,
CVE-2024-46826, CVE-2024-50256, CVE-2024-50248, CVE-202
OSV
linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
osv·2025-04-24·CVSS 7.8
CVE-2022-0995 linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- File systems infrastructure;
- NTFS3 file system;
- Ethernet bridge;
- Ethtool driver;
- IPv6 networking;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-26837, CVE-2025-21993, CVE-2025-21702, CVE-2025-21700,
CVE-2025-21701, CVE-2024-50248, CVE-2024-56651, CVE-2
OSV
linux-azure-fips vulnerabilities
osv·2025-04-24·CVSS 7.8
CVE-2022-0995 linux-azure-fips vulnerabilities
linux-azure-fips vulnerabilities
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Microsoft Azure Network Adapter (MANA) driver;
- File systems infrastructure;
- NTFS3 file system;
- Ethernet bridge;
- Ethtool driver;
- IPv6 networking;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-26837, CVE-2024-50248, CVE-2025-21756, CVE-2025-21701,
CVE-2024-50256, CVE-2025-21993
GHSA
GHSA-2348-p6m3-vqc4: A vulnerability was found in Tenda W6 1
ghsa_unreviewed·2024-01-29
CVE-2024-0995 [HIGH] CWE-121 GHSA-2348-p6m3-vqc4: A vulnerability was found in Tenda W6 1
A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Suricata
GPL NETBIOS DCERPC msqueue bind attempt
suricata·2010-09-23
CVE-2003-0995 GPL NETBIOS DCERPC msqueue bind attempt
GPL NETBIOS DCERPC msqueue bind attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"GPL NETBIOS DCERPC msqueue bind attempt"; flow:established,to_server; flowbits:set,smb.tree.bind.msqueue; flowbits:noalert; content:"|05|"; depth:1; byte_test:1,!&,16,3,relative; content:"|0B|"; within:1; distance:1; content:"|B0 01|R|97 CA|Y|D0 11 A8 D5 00 A0 C9 0D 80|Q"; within:16; distance:29; reference:cve,2003-0995; reference:url,www.eeye.com/html/Research/Advisories/AD20030910.html; reference:url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx; classtype:protocol-command-decode; sid:2103156; rev:6; metadata:created_at 2010_09_23, cve CVE_2003_0995, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_14;)
No public exploits indexed.
No writeups or analysis indexed.
https://jylsec.notion.site/Tenda-w6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-e283b41905934e97b4c65632a0018eba?pvs=4https://vuldb.com/?ctiid.252260https://vuldb.com/?id.252260https://jylsec.notion.site/Tenda-w6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-e283b41905934e97b4c65632a0018eba?pvs=4https://vuldb.com/?ctiid.252260https://vuldb.com/?id.252260
2024-01-29
Published