A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 29 Aug 2024 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda g3
Weaknesses CWE-787
CPEs cpe:2.3:h:tenda:g3:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:g3_firmware:15.11.0.20:*:*:*:*:*:*:*
Vendors & Products Tenda g3

Wed, 28 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda g3 Firmware
CPEs cpe:2.3:o:tenda:g3_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda g3 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 27 Aug 2024 23:15:00 +0000

Type Values Removed Values Added
Description A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Title Tenda G3 SetSysTimeCfg formSetSysTime stack-based overflow
Weaknesses CWE-121
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2024-08-28T13:57:49.602Z

Reserved: 2024-08-27T13:12:02.503Z

Link: CVE-2024-8225

cve-icon Vulnrichment

Updated: 2024-08-28T13:57:35.473Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-27T23:15:04.207

Modified: 2024-08-29T00:14:43.957

Link: CVE-2024-8225

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.