CVE-2024-0532

Published Jan 15, 2024

Last updated 6 months ago

Overview

Description: A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects unknown code of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250702 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: cna@vuldb.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Secondary
Base score: 8.3
Impact score: 10
Exploitability score: 6.4
Vector string: AV:N/AC:L/Au:M/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-787
cna@vuldb.com: CWE-121

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:tenda:a15_firmware:15.13.07.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D91580C9-7B0F-4691-AE5D-F4D58B7DC58F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:tenda:a15:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B98AF912-2349-4E1F-8213-8EB5B0BA83B6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References