ID

VAR-202401-0617


CVE

CVE-2024-0542


TITLE

Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. W9 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-001461

DESCRIPTION

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250712. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in the W9 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). An attacker can exploit this vulnerability to inject malicious code to steal sensitive information or damage the system.

Trust: 2.16

sources: NVD: CVE-2024-0542 // JVNDB: JVNDB-2024-001461 // CNVD: CNVD-2024-14312

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-14312

AFFECTED PRODUCTS

vendor: tenda, model: w9, scope: eq, version: 1.0.0.7(4456)

Trust: 1.0

vendor: tenda, model: w9, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: w9, scope: -, version: -

Trust: 0.8

vendor: tenda, model: w9, scope: eq, version: w9 firmware 1.0.0.7(4456)

Trust: 0.8

vendor: tenda, model: w9, scope: eq, version: 1.0.0.7(4456)

Trust: 0.6

sources: CNVD: CNVD-2024-14312 // JVNDB: JVNDB-2024-001461 // NVD: CVE-2024-0542

CVSS

SEVERITY

cna@vuldb.com: CVE-2024-0542
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-0542
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-0542
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-14312
value: HIGH

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2024-0542
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2024-14312
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2024-0542
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-0542
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-0542
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-14312 // JVNDB: JVNDB-2024-001461 // NVD: CVE-2024-0542 // NVD: CVE-2024-0542

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-001461 // NVD: CVE-2024-0542

PATCH

title: Patch for Tenda W9 out-of-bounds write vulnerability (CNVD-2024-14312)
url: https://www.cnvd.org.cn/patchInfo/show/534906

Trust: 0.6

sources: CNVD: CNVD-2024-14312

EXTERNAL IDS

db: NVD, id: CVE-2024-0542

Trust: 3.2

db: VULDB, id: 250712

Trust: 1.0

db: JVNDB, id: JVNDB-2024-001461

Trust: 0.8

db: CNVD, id: CNVD-2024-14312

Trust: 0.6

sources: CNVD: CNVD-2024-14312 // JVNDB: JVNDB-2024-001461 // NVD: CVE-2024-0542

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2024-0542

Trust: 1.4

url:https://github.com/jylsec/vuldb/blob/main/tenda/w9/7/readme.md

Trust: 1.0

url:https://vuldb.com/?ctiid.250712

Trust: 1.0

url:https://vuldb.com/?id.250712

Trust: 1.0

sources: CNVD: CNVD-2024-14312 // JVNDB: JVNDB-2024-001461 // NVD: CVE-2024-0542

SOURCES

db: CNVD, id: CNVD-2024-14312
db: JVNDB, id: JVNDB-2024-001461
db: NVD, id: CVE-2024-0542

LAST UPDATE DATE

2024-08-14T14:09:36.870000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-14312, date: 2024-03-21T00:00:00
db: JVNDB, id: JVNDB-2024-001461, date: 2024-02-05T05:17:00
db: NVD, id: CVE-2024-0542, date: 2024-05-17T02:34:45.563

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-14312, date: 2024-03-21T00:00:00
db: JVNDB, id: JVNDB-2024-001461, date: 2024-02-05T00:00:00
db: NVD, id: CVE-2024-0542, date: 2024-01-15T05:15:09.297