Sign-up

ID

VAR-202401-1105


CVE

CVE-2024-0932


TITLE

Tenda  of  AC10U  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-001949

DESCRIPTION

A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda of AC10U A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10U is a wireless router from China's Tenda company. The vulnerability is caused by the setSmartPowerManagement function failing to properly check the boundaries. An attacker can exploit this vulnerability to overflow the buffer and execute arbitrary code on the system

Trust: 2.16

sources: NVD: CVE-2024-0932 // JVNDB: JVNDB-2024-001949 // CNVD: CNVD-2024-21489

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-21489

AFFECTED PRODUCTS

vendor:tendacnmodel:ac10uscope:eqversion:15.03.06.49_multi_tde01

Trust: 1.0

vendor:tendamodel:ac10uscope: - version: -

Trust: 0.8

vendor:tendamodel:ac10uscope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac10uscope:eqversion:ac10u firmware 15.03.06.49 multi tde01

Trust: 0.8

vendor:tendamodel:ac10u 15.03.06.49 multi tde01scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2024-21489 // JVNDB: JVNDB-2024-001949 // NVD: CVE-2024-0932

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-0932
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-0932
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-0932
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-21489
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2024-0932
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2024-21489
severity: MEDIUM
baseScore: 4.6
vectorString: AV:N/AC:H/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-0932
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-0932
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-0932
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-21489 // JVNDB: JVNDB-2024-001949 // NVD: CVE-2024-0932 // NVD: CVE-2024-0932

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-001949 // NVD: CVE-2024-0932

EXTERNAL IDS

db:NVDid:CVE-2024-0932

Trust: 3.2

db:VULDBid:252137

Trust: 1.8

db:JVNDBid:JVNDB-2024-001949

Trust: 0.8

db:CNVDid:CNVD-2024-21489

Trust: 0.6

sources: CNVD: CNVD-2024-21489 // JVNDB: JVNDB-2024-001949 // NVD: CVE-2024-0932

REFERENCES

url:https://github.com/yaoyue123/iot/blob/main/tenda/ac10u/setsmartpowermanagement.md

Trust: 1.8

url:https://vuldb.com/?id.252137

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-0932

Trust: 1.4

url:https://vuldb.com/?ctiid.252137

Trust: 1.0

sources: CNVD: CNVD-2024-21489 // JVNDB: JVNDB-2024-001949 // NVD: CVE-2024-0932

SOURCES

db:CNVDid:CNVD-2024-21489
db:JVNDBid:JVNDB-2024-001949
db:NVDid:CVE-2024-0932

LAST UPDATE DATE

2024-08-14T15:41:25.562000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-21489date:2024-05-07T00:00:00
db:JVNDBid:JVNDB-2024-001949date:2024-02-07T03:00:00
db:NVDid:CVE-2024-0932date:2024-05-17T02:35:04.547

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-21489date:2024-05-09T00:00:00
db:JVNDBid:JVNDB-2024-001949date:2024-02-07T00:00:00
db:NVDid:CVE-2024-0932date:2024-01-26T17:15:11.050