CVE-2024-2896
published 2024-03-26CVE-2024-2896: A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affects the function formWifiWpsStart of the file…
PriorityP270high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.86%
76.5th percentile
A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenda | ac7 | — | — |
| tenda | ac7_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Tenda WifiWpsStart index Parameter Buffer Overflow Attempt (CVE-2025-45429, CVE-2024-2896, CVE-2024-2811, CVE-2024-2706)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:20; content:"/goform/WifiWpsStart"; fast_pattern; http.request_body; content:"index|3d|"; pcre:"/^[^&]{100,}(?:&|$)/R"; reference:cve,2025-45429; reference:url,github.com/SolitaryGrass/IoT_vuln/blob/main/tenda/AC6/AC6V2.0RTL_V15.03.06.23/formWifiWpsStart/poc.py; reference:cve,2024-2811; reference:cve,2024-2706; reference:cve,2024-2896; classtype:web-application-attack; sid:2064111; rev:1; metadata:affected_product Tenda, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_08_22, cve CVE_2025_45429_CVE_2024_2896_CVE_2024_2811_CVE_2024_2706, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_08_22, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)- →Exploit traffic uses HTTP POST method targeting the URI /goform/WifiWpsStart with a body parameter 'index=' followed by an oversized value (>=100 chars before & or end of body), indicating a stack-based buffer overflow attempt.
- →The URI /goform/WifiWpsStart has a fixed length of exactly 20 bytes; use a URI bsize check of 20 to reduce false positives.
- →The attack is plaintext (non-TLS) and should be detected at the network perimeter and internally; no TLS inspection required.
- →The vulnerability is remotely exploitable via manipulation of the 'index' argument in the formWifiWpsStart function, leading to a stack-based buffer overflow.
- ·The Snort/Suricata rule (sid:2064111) covers multiple CVEs simultaneously (CVE-2025-45429, CVE-2024-2896, CVE-2024-2811, CVE-2024-2706); a positive alert does not uniquely identify CVE-2024-2896 without additional context.
- ·The affected firmware version is Tenda AC7 15.03.06.44; the PoC reference points to AC6 firmware AC6V2.0RTL_V15.03.06.23, suggesting the same vulnerable endpoint exists across multiple Tenda device families and firmware versions. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Tenda WifiWpsStart index Parameter Buffer Overflow Attempt (CVE-2025-45429, CVE-2024-2896, CVE-2024-2811, CVE-2024-2706)
suricata·2025-08-22·CVSS 8.8
CVE-2025-45429 [HIGH] ET WEB_SPECIFIC_APPS Tenda WifiWpsStart index Parameter Buffer Overflow Attempt (CVE-2025-45429, CVE-2024-2896, CVE-2024-2811, CVE-2024-2706)
ET WEB_SPECIFIC_APPS Tenda WifiWpsStart index Parameter Buffer Overflow Attempt (CVE-2025-45429, CVE-2024-2896, CVE-2024-2811, CVE-2024-2706)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Tenda WifiWpsStart index Parameter Buffer Overflow Attempt (CVE-2025-45429, CVE-2024-2896, CVE-2024-2811, CVE-2024-2706)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:20; content:"/goform/WifiWpsStart"; fast_pattern; http.request_body; content:"index|3d|"; pcre:"/^[^&]{100,}(?:&|$)/R"; reference:cve,2025-45429; reference:url,github.com/SolitaryGrass/IoT_vuln/blob/main/tenda/AC6/AC6V2.0RTL_V15.03.06.23/formWifiWpsStart/poc.py; reference:cve,2024-2811; reference:cve,2024-2706; reference:cve,2024-2896; classtype:web-application-attack; sid:2064111; rev:1;
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formWifiWpsStart.mdhttps://vuldb.com/?ctiid.257939https://vuldb.com/?id.257939https://vuldb.com/?submit.300359https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formWifiWpsStart.mdhttps://vuldb.com/?ctiid.257939https://vuldb.com/?id.257939https://vuldb.com/?submit.300359
2024-03-26
Published