CVE-2024-10130: Stack-based Buffer Overflow in AC8

Severity: 8.7 HIGH (NVD)
EPSS: 0.7% (top 29.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 18
Latest update: Oct 19

Description

A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: tenda/ac8 16.03.34.06
NVD: tenda/ac8_firmware 16.03.34.06

🔴 Vulnerability Details (2)

GHSA: GHSA-6prf-mxrq-j35h: A vulnerability classified as critical was found in Tenda AC8 16 (2024-10-19)
CVEList: Tenda AC8 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow (2024-10-18)