ID
CVE
TITLE
Shenzhen Tenda Technology Co.,Ltd. of i22 Out-of-bounds write vulnerability in firmware
sources:
JVNDB: JVNDB-2024-005117
DESCRIPTION
A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of i22 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
sources:
NVD: CVE-2024-7583 //
JVNDB: JVNDB-2024-005117
AFFECTED PRODUCTS
| vendor: | tenda | model: | i22 | scope: | eq | version: | 1.0.0.3\(4687\) | |
| vendor: | tenda | model: | i22 | scope: | eq | version: | i22 firmware 1.0.0.3(4687) | |
| vendor: | tenda | model: | i22 | scope: | eq | version: | - | |
| vendor: | tenda | model: | i22 | scope: | - | version: | - | |
sources:
JVNDB: JVNDB-2024-005117 //
NVD: CVE-2024-7583
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| cna@vuldb.com: | CVE-2024-7583 | |
|
| value: | HIGH | | | nvd@nist.gov: | CVE-2024-7583 | |
|
| value: | CRITICAL | | | OTHER: | JVNDB-2024-005117 | |
|
| value: | CRITICAL | |
| | cna@vuldb.com: | CVE-2024-7583 | |
|
| severity: | HIGH | | baseScore: | 9.0 | | vectorString: | AV:N/AC:L/AU:S/C:C/I:C/A:C | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | SINGLE | | confidentialityImpact: | COMPLETE | | integrityImpact: | COMPLETE | | availabilityImpact: | COMPLETE | | exploitabilityScore: | 8.0 | | impactScore: | 10.0 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | OTHER: | JVNDB-2024-005117 | |
|
| severity: | HIGH | | baseScore: | 9.0 | | vectorString: | AV:N/AC:L/AU:S/C:C/I:C/A:C | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | SINGLE | | confidentialityImpact: | COMPLETE | | integrityImpact: | COMPLETE | | availabilityImpact: | COMPLETE | | exploitabilityScore: | NONE | | impactScore: | NONE | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | |
| | cna@vuldb.com: | CVE-2024-7583 | |
|
| baseSeverity: | HIGH | | baseScore: | 8.8 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | LOW | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | 2.8 | | impactScore: | 5.9 | | version: | 3.1 | | | nvd@nist.gov: | CVE-2024-7583 | |
|
| baseSeverity: | CRITICAL | | baseScore: | 9.8 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | 3.9 | | impactScore: | 5.9 | | version: | 3.1 | | | NVD: | JVNDB-2024-005117 | |
|
| baseSeverity: | CRITICAL | | baseScore: | 9.8 | | vectorString: | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | |
|
sources:
JVNDB: JVNDB-2024-005117 //
NVD: CVE-2024-7583 //
NVD: CVE-2024-7583
PROBLEMTYPE DATA
| problemtype: | CWE-787 | |
| problemtype: | CWE-120 | |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD evaluation ] | |
sources:
JVNDB: JVNDB-2024-005117 //
NVD: CVE-2024-7583
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-7583 | |
| db: | VULDB | id: | 273863 | |
| db: | JVNDB | id: | JVNDB-2024-005117 | |
sources:
JVNDB: JVNDB-2024-005117 //
NVD: CVE-2024-7583
REFERENCES
| url: | https://github.com/beacox/iot_vuln/tree/main/tenda/i22/apportalonekeyauth | |
| url: | https://vuldb.com/?id.273863 | |
| url: | https://vuldb.com/?submit.382835 | |
| url: | https://vuldb.com/?ctiid.273863 | |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-7583 | |
sources:
JVNDB: JVNDB-2024-005117 //
NVD: CVE-2024-7583
SOURCES
| db: | JVNDB | id: | JVNDB-2024-005117 |
| db: | NVD | id: | CVE-2024-7583 |
LAST UPDATE DATE
2024-08-15T12:53:47.567000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2024-005117 | date: | 2024-08-13T01:39:00 |
| db: | NVD | id: | CVE-2024-7583 | date: | 2024-08-08T20:54:35.117 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2024-005117 | date: | 2024-08-13T00:00:00 |
| db: | NVD | id: | CVE-2024-7583 | date: | 2024-08-07T16:15:48.273 |
