CVE-2024-0996

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.1%
top 74.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda I9Tenda I9 Firmware
Timeline
PublishedJan 29

Description

A vulnerability classified as critical has been found in Tenda i9 1.0.0.9(4122). This affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5tenda/i91.0.0.9(4122)
NVDtenda/i9_firmware1.0.0.6\(1020\)

🔴Vulnerability Details

2
CVEList
Tenda i9 httpd setcfm formSetCfm stack-based overflow2024-01-29
GHSA
GHSA-4qcw-hfhw-j23m: A vulnerability classified as critical has been found in Tenda i9 12024-01-29
CVE-2024-0996 (CRITICAL CVSS 9.8) | A vulnerability classified as criti | cvebase.io