Skip to main content

Ac18 Firmware CVE-2024-28551

HIGH
Stack-based Buffer Overflow (CWE-121)
2024-03-26 cve@mitre.org
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 26, 2024 - 21:15 cve.org
HIGH 7.5

DescriptionCVE.org

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function.

AnalysisAI

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-121. Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function. Affected products include: Tenda Ac18 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-33182 CRITICAL POC
9.8 Jul 16

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId paramet

CVE-2024-33180 CRITICAL POC
9.8 Jul 16

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId paramet

CVE-2024-33835 CRITICAL POC
9.8 May 01

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.

CVE-2024-28545 CRITICAL POC
9.8 Mar 26

Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload func

CVE-2024-2854 CRITICAL POC
9.8 Mar 24

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Rated critical severity (CVSS 9.8), thi

CVE-2024-28537 CRITICAL POC
9.8 Mar 18

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. Rated

CVE-2024-28553 CRITICAL POC
9.8 Mar 12

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function. Rated critic

CVE-2024-28535 CRITICAL POC
9.8 Mar 12

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function. Rat

CVE-2023-30135 CRITICAL POC
9.8 May 05

Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName paramet

CVE-2023-24166 CRITICAL POC
9.8 Jan 26

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. Rated critical severity (CVSS 9.8

CVE-2022-43260 CRITICAL POC
9.8 Oct 18

Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime fu

CVE-2022-40854 CRITICAL POC
9.8 Sep 23

Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set. Rated critical severity (CV

Share

CVE-2024-28551 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy