ID

VAR-202408-2376


CVE

CVE-2024-44563


TITLE

Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ax1806 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-006714

DESCRIPTION

An out-of-bounds write vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. ax1806. Information may be obtained or tampered with, and service operation may be interrupted (DoS). There is a stack overflow vulnerability in the iptv.stb.port parameter of Tenda AX1806. The vulnerability is caused by the function setIptvInfo failing to correctly verify the length of the input data supplied in the iptv.stb.port parameter. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 1.26

sources: JVNDB: JVNDB-2024-006714 // CNVD: CNVD-2024-40417

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-40417

AFFECTED PRODUCTS

vendor: tenda model: ax1806 scope: eq version: 1.0.0.1

Trust: 1.0

vendor: tenda model: ax1806 scope: eq version: ax1806 firmware 1.0.0.1

Trust: 0.8

vendor: tenda model: ax1806 scope: - version: -

Trust: 0.8

vendor: tenda model: ax1806 scope: eq version: -

Trust: 0.8

vendor: tenda model: ax1806 scope: eq version: v1.0.0.1

Trust: 0.6

sources: CNVD: CNVD-2024-40417 // JVNDB: JVNDB-2024-006714 // NVD: CVE-2024-44563

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-44563
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-44563
value: HIGH

Trust: 1.0

NVD: CVE-2024-44563
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-40417
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-40417
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-44563
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-44563
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-44563
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-40417 // JVNDB: JVNDB-2024-006714 // NVD: CVE-2024-44563 // NVD: CVE-2024-44563

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-006714 // NVD: CVE-2024-44563

EXTERNAL IDS

db: NVD id: CVE-2024-44563

Trust: 3.2

db: JVNDB id: JVNDB-2024-006714

Trust: 0.8

db: CNVD id: CNVD-2024-40417

Trust: 0.6

sources: CNVD: CNVD-2024-40417 // JVNDB: JVNDB-2024-006714 // NVD: CVE-2024-44563

REFERENCES

url: https://detailed-stetson-767.notion.site/tenda-ax1806-buffer-overflow-in-getiptvinfo-d15d44b770e24213a8dcb13a4812e3f4?pvs=4

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-44563

Trust: 1.4

sources: CNVD: CNVD-2024-40417 // JVNDB: JVNDB-2024-006714 // NVD: CVE-2024-44563

SOURCES

db: CNVD id: CNVD-2024-40417
db: JVNDB id: JVNDB-2024-006714
db: NVD id: CVE-2024-44563

LAST UPDATE DATE

2024-10-13T23:13:56.451000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2024-40417 date: 2024-10-11T00:00:00
db: JVNDB id: JVNDB-2024-006714 date: 2024-08-28T02:13:00
db: NVD id: CVE-2024-44563 date: 2024-08-27T13:43:26.300

SOURCES RELEASE DATE

db: CNVD id: CNVD-2024-40417 date: 2024-10-11T00:00:00
db: JVNDB id: JVNDB-2024-006714 date: 2024-08-28T00:00:00
db: NVD id: CVE-2024-44563 date: 2024-08-26T12:15:05.863