Details of VAR-202408-2464

ID

VAR-202408-2464

CVE

CVE-2024-8224

TITLE

Shenzhen Tenda Technology Co.,Ltd. of G3 Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-006914

DESCRIPTION

A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of G3 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda G3 is a Qos VPN router from China's Tenda company. The vulnerability is caused by the enable/level/module parameter of the formSetDebugCfg function in the /goform/setDebugCfg file failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause the application to crash

Trust: 2.16

sources: NVD: CVE-2024-8224 // JVNDB: JVNDB-2024-006914 // CNVD: CNVD-2024-40839

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-40839

AFFECTED PRODUCTS

vendor:	tendacn	model:	g3	scope:	eq	version:	15.11.0.20	Trust: 1.0
vendor:	tenda	model:	g3	scope:	eq	version:	g3 firmware v15.11.0.20	Trust: 0.8
vendor:	tenda	model:	g3	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	g3	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	g3	scope:	eq	version:	15.11.0.20	Trust: 0.6

sources: CNVD: CNVD-2024-40839 // JVNDB: JVNDB-2024-006914 // NVD: CVE-2024-8224

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-8224
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-8224
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2024-006914
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2024-40839
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-8224
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-006914
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2024-40839
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-8224
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-8224
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2024-006914
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-40839 // JVNDB: JVNDB-2024-006914 // NVD: CVE-2024-8224 // NVD: CVE-2024-8224

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-006914 // NVD: CVE-2024-8224

EXTERNAL IDS

db:	NVD	id:	CVE-2024-8224	Trust: 3.2
db:	VULDB	id:	275933	Trust: 2.4
db:	JVNDB	id:	JVNDB-2024-006914	Trust: 0.8
db:	CNVD	id:	CNVD-2024-40839	Trust: 0.6

sources: CNVD: CNVD-2024-40839 // JVNDB: JVNDB-2024-006914 // NVD: CVE-2024-8224

REFERENCES

url:	https://vuldb.com/?id.275933	Trust: 2.4
url:	https://github.com/abcdefg-png/ahu-iot-vulnerable/blob/main/tenda/g3v3.0/formsetdebugcfg.md	Trust: 1.8
url:	https://vuldb.com/?submit.393999	Trust: 1.8
url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://vuldb.com/?ctiid.275933	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-8224	Trust: 0.8

sources: CNVD: CNVD-2024-40839 // JVNDB: JVNDB-2024-006914 // NVD: CVE-2024-8224

SOURCES

db:	CNVD	id:	CNVD-2024-40839
db:	JVNDB	id:	JVNDB-2024-006914
db:	NVD	id:	CVE-2024-8224

LAST UPDATE DATE

2024-12-13T23:21:08.440000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-40839	date:	2024-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2024-006914	date:	2024-08-30T02:16:00
db:	NVD	id:	CVE-2024-8224	date:	2024-12-13T15:15:38.053

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-40839	date:	2024-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2024-006914	date:	2024-08-30T00:00:00
db:	NVD	id:	CVE-2024-8224	date:	2024-08-27T23:15:03.920