CVE-2024-0995

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write9 documents4 sources
Severity
9.8CRITICAL
EPSS
0.1%
top 69.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda W6Tenda W6 Firmware
Timeline
PublishedJan 29
Latest updateMay 2

Description

A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252260. NOTE: The vendor was contacted early about this disclosure but did not respond

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5tenda/w61.0.0.9(4122)
NVDtenda/w6_firmware1.0.0.9\(4122\)

🔴Vulnerability Details

8
OSV
linux-xilinx-zynqmp vulnerabilities2025-05-02
OSV
linux-aws-5.15 vulnerabilities2025-04-29
OSV
linux-oracle-5.15 vulnerabilities2025-04-25
OSV
linux-intel-iot-realtime, linux-realtime vulnerabilities2025-04-24
OSV
linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities2025-04-24
CVE-2024-0995 (CRITICAL CVSS 9.8) | A vulnerability was found in Tenda | cvebase.io