A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Advisories
Source ID Title
EUVD EUVD EUVD-2024-33011 A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 01 Nov 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda rx9 Pro Firmware
Weaknesses CWE-787
CPEs cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*
Vendors & Products Tenda rx9 Pro Firmware

Wed, 23 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda rx9
Tenda rx9 Pro
CPEs cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*
cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda rx9
Tenda rx9 Pro
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 23 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Title Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow
Weaknesses CWE-121
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2024-10-23T17:33:05.674Z

Reserved: 2024-10-23T06:07:52.411Z

Link: CVE-2024-10283

cve-icon Vulnrichment

Updated: 2024-10-23T17:33:01.124Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-23T15:15:29.850

Modified: 2024-11-01T14:08:24.997

Link: CVE-2024-10283

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.