VDB-281557 · CVE-2024-10282 · GCVE-100-281557

Tenda RX9/RX9 Pro 22.03.02.10/22.03.02.20 SetVirtualServerCfg sub_42EA38 list ବଫର୍ ଓଭରଫ୍ଲୋ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20 keessatti argameera. Miidhaan irra gahe is hojii sub_42EA38 faayilii /goform/SetVirtualServerCfg keessa. Dhugumatti jijjiirraa irratti raawwatame list gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-121 si geessa. Beekumsi kun yeroo 10/23/2024 ifoomsifameera. Odeeffannoon kun buufachuuf gitee.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2024-10282 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana gitee.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

2 ଆଡାପ୍ଟେସନ୍ · 87 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 10/23/2024 08:12 AM	ଅଦ୍ୟତନ 1/1 10/25/2024 03:02 PM
software_vendor	Tenda	Tenda
software_name	RX9/RX9 Pro	RX9/RX9 Pro
software_version	22.03.02.10/22.03.02.20	22.03.02.10/22.03.02.20
software_file	/goform/SetVirtualServerCfg	/goform/SetVirtualServerCfg
software_function	sub_42EA38	sub_42EA38
software_argument	list	list
vulnerability_cwe	CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-121 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	H	H
cvss3_vuldb_i	H	H
cvss3_vuldb_a	H	H
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_url	https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md	https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md	https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md
source_cve	CVE-2024-10282	CVE-2024-10282
cna_responsible	VulDB	VulDB
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	C	C
cvss2_vuldb_ii	C	C
cvss2_vuldb_ai	C	C
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	H	H
cvss4_vuldb_vi	H	H
cvss4_vuldb_va	H	H
cvss4_vuldb_e	P	P
cvss2_vuldb_au	S	S
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_pr	L	L
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0
cvss3_meta_basescore	8.8	8.8
cvss3_meta_tempscore	8.0	8.4
cvss4_vuldb_bscore	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4
advisory_date	1729634400 (10/23/2024)	1729634400 (10/23/2024)
price_0day	$0-$5k	$0-$5k
cvss4_cna_ui		N
cvss4_cna_vc		H
cvss4_cna_vi		H
cvss4_cna_va		H
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		8.7
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		H
cvss3_cna_i		H
cvss3_cna_a		H
cvss3_cna_basescore		8.8
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		S
cvss2_cna_ci		C
cvss2_cna_ii		C
cvss2_cna_ai		C
cvss2_cna_basescore		9
cve_nvd_summary		A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryes		Se ha encontrado una vulnerabilidad clasificada como crítica en Tenda RX9 y RX9 Pro 22.03.02.10/22.03.02.20. La función sub_42EA38 del archivo /goform/SetVirtualServerCfg se ve afectada por esta vulnerabilidad. La manipulación de la lista de argumentos provoca un desbordamiento del búfer basado en la pila. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		L

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!