CVE-2024-4164Stack-based Buffer Overflow in G3

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICALNVD
CNA8.8
EPSS
0.2%
top 51.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda G3Tenda G3 Firmware
Timeline
PublishedApr 25

Description

A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.17(9502). This issue affects the function formModifyPppAuthWhiteMac of the file /goform/ModifyPppAuthWhiteMac. The manipulation of the argument pppoeServerWhiteMacIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261983. NOTE: The vendor was contacted early about t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5tenda/g315.11.0.17(9502)
NVDtenda/g3_firmware15.11.0.17\(9502\)_cn

🔴Vulnerability Details

2
CVEList
Tenda G3 ModifyPppAuthWhiteMac formModifyPppAuthWhiteMac stack-based overflow2024-04-25
GHSA
GHSA-qf72-rm58-xjjg: A vulnerability, which was classified as critical, has been found in Tenda G3 152024-04-25
CVE-2024-4164 — Stack-based Buffer Overflow in Tenda G3 | cvebase