Details of VAR-202401-0542

ID

VAR-202401-0542

CVE

CVE-2024-0536

TITLE

Shenzhen Tenda Technology Co.,Ltd. of w9 Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-001455

DESCRIPTION

A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.7(4456). Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250706 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of w9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda W9 version 1.0.0.7 has an out-of-bounds write vulnerability, which is caused by a stack-based buffer overflow in the ssidIndex parameter of the setWrlAccessList function. An attacker can exploit this vulnerability to inject malicious code to steal sensitive information or damage the system

Trust: 2.16

sources: NVD: CVE-2024-0536 // JVNDB: JVNDB-2024-001455 // CNVD: CNVD-2024-14313

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-14313

AFFECTED PRODUCTS

vendor:	tenda	model:	w9	scope:	eq	version:	1.0.0.7\(4456\)	Trust: 1.0
vendor:	tenda	model:	w9	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	w9	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	w9	scope:	eq	version:	w9 firmware 1.0.0.7(4456)	Trust: 0.8
vendor:	tenda	model:	w9	scope:	eq	version:	1.0.0.7(4456)	Trust: 0.6

sources: CNVD: CNVD-2024-14313 // JVNDB: JVNDB-2024-001455 // NVD: CVE-2024-0536

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-0536
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-0536
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2024-0536
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2024-14313
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-0536
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2024-14313
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-0536
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-0536
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-0536
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-14313 // JVNDB: JVNDB-2024-001455 // NVD: CVE-2024-0536 // NVD: CVE-2024-0536

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-001455 // NVD: CVE-2024-0536

PATCH

title:

Patch for Tenda W9 out-of-bounds write vulnerability (CNVD-2024-14313)

url:

https://www.cnvd.org.cn/patchInfo/show/534911

Trust: 0.6

sources: CNVD: CNVD-2024-14313

EXTERNAL IDS

db:	NVD	id:	CVE-2024-0536	Trust: 3.2
db:	VULDB	id:	250706	Trust: 1.0
db:	JVNDB	id:	JVNDB-2024-001455	Trust: 0.8
db:	CNVD	id:	CNVD-2024-14313	Trust: 0.6

sources: CNVD: CNVD-2024-14313 // JVNDB: JVNDB-2024-001455 // NVD: CVE-2024-0536

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2024-0536	Trust: 1.4
url:	https://github.com/jylsec/vuldb/blob/main/tenda/w9/1/readme.md	Trust: 1.0
url:	https://vuldb.com/?ctiid.250706	Trust: 1.0
url:	https://vuldb.com/?id.250706	Trust: 1.0

sources: CNVD: CNVD-2024-14313 // JVNDB: JVNDB-2024-001455 // NVD: CVE-2024-0536

SOURCES

db:	CNVD	id:	CNVD-2024-14313
db:	JVNDB	id:	JVNDB-2024-001455
db:	NVD	id:	CVE-2024-0536

LAST UPDATE DATE

2024-08-14T14:30:05.475000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-14313	date:	2024-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2024-001455	date:	2024-02-05T05:11:00
db:	NVD	id:	CVE-2024-0536	date:	2024-05-17T02:34:44.903

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-14313	date:	2024-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2024-001455	date:	2024-02-05T00:00:00
db:	NVD	id:	CVE-2024-0536	date:	2024-01-15T04:15:07.547