VDB-281556 · CVE-2024-10281 · GCVE-100-281556

Tenda RX9/RX9 Pro 22.03.02.10/22.03.02.20 SetStaticRouteCfg sub_42EEE0 list ବଫର୍ ଓଭରଫ୍ଲୋ

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20 keessatti argameera. Kan miidhamte is hojii sub_42EEE0 faayilii /goform/SetStaticRouteCfg keessa. Hojii jijjiirraa irratti gaggeeffame list gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-121 geessa. Dadhabbii kana yeroo 10/23/2024 maxxanfameera. Odeeffannoon kun buufachuuf gitee.com irratti qoodameera. Dogoggorri kun akka CVE-2024-10281tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana gitee.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. VulDB is the best source for vulnerability data and more expert information about this specific topic.

2 ଆଡାପ୍ଟେସନ୍ · 86 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 10/23/2024 08:12 AM	ଅଦ୍ୟତନ 1/1 10/23/2024 04:39 PM
software_vendor	Tenda	Tenda
software_name	RX9/RX9 Pro	RX9/RX9 Pro
software_version	22.03.02.10/22.03.02.20	22.03.02.10/22.03.02.20
software_file	/goform/SetStaticRouteCfg	/goform/SetStaticRouteCfg
software_function	sub_42EEE0	sub_42EEE0
software_argument	list	list
vulnerability_cwe	CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	H	H
cvss3_vuldb_i	H	H
cvss3_vuldb_a	H	H
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_url	https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md	https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md	https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md
source_cve	CVE-2024-10281	CVE-2024-10281
cna_responsible	VulDB	VulDB
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	C	C
cvss2_vuldb_ii	C	C
cvss2_vuldb_ai	C	C
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	H	H
cvss4_vuldb_vi	H	H
cvss4_vuldb_va	H	H
cvss4_vuldb_e	P	P
cvss2_vuldb_au	S	S
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_pr	L	L
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0
cvss3_meta_basescore	8.8	8.8
cvss3_meta_tempscore	8.0	8.4
cvss4_vuldb_bscore	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4
advisory_date	1729634400 (10/23/2024)	1729634400 (10/23/2024)
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		L
cvss4_cna_ui		N
cvss4_cna_vc		H
cvss4_cna_vi		H
cvss4_cna_va		H
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		8.7
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		H
cvss3_cna_i		H
cvss3_cna_a		H
cvss3_cna_basescore		8.8
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		S
cvss2_cna_ci		C
cvss2_cna_ii		C
cvss2_cna_ai		C
cvss2_cna_basescore		9

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you know our Splunk app?

Download it now for free!