A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 27 Aug 2025 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac15
CPEs cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*
Vendors & Products Tenda ac15
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 28 May 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda a301
Tenda a301 Firmware
Weaknesses CWE-787
CPEs cpe:2.3:h:tenda:a301:2.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:a301_firmware:15.03.08.12:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda a301
Tenda a301 Firmware

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-27T21:26:06.856Z

Reserved: 2024-04-27T05:49:08.167Z

Link: CVE-2024-4291

cve-icon Vulnrichment

Updated: 2024-08-01T20:33:53.224Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-27T20:15:07.170

Modified: 2025-05-28T13:47:06.687

Link: CVE-2024-4291

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.