CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-10351

Critical Severity
Tenda
SVRS
77/100
CVSSv3
8.8/10
EPSS
0.0027/1

CVE-2024-10351 is a critical vulnerability in Tenda RX9 Pro routers, specifically affecting the handling of POST requests to /goform/setMacFilterCfg. This stack-based buffer overflow can be triggered remotely by manipulating the deviceList argument, potentially leading to arbitrary code execution. While the SOCRadar Vulnerability Risk Score (SVRS) of 77 suggests a high level of risk, it does not reach the critical threshold of 80, so immediate action, but not emergency action is needed. A public exploit exists, increasing the likelihood of exploitation in the wild. The CVSS score is 8.8. The CWE classification is CWE-787, highlighting the dangerous nature of buffer overflows. This flaw enables attackers to potentially gain control of the affected device, compromising network security and privacy. Due to the existence of a public exploit, organizations using Tenda RX9 Pro routers should apply available patches immediately.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:L
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-10-25
LAST MODIFIED2024-11-01

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-10351 | Tenda RX9 Pro 22.03.02.20 POST Request /goform/setMacFilterCfg sub_424CE0 deviceList stack-based overflow
vuldb.com2024-10-25
CVE-2024-10351 | Tenda RX9 Pro 22.03.02.20 POST Request /goform/setMacFilterCfg sub_424CE0 deviceList stack-based overflow | A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to
cve-2024-10351
ipv4s
domains
urls

Social Media

[CVE-2024-10351: HIGH] Critical cyber security vulnerability discovered in Tenda RX9 Pro 22.03.02.20. Remote attackers could exploit a stack-based buffer overflow via manipulated deviceList argument in POST Reque...#cybersecurity,#vulnerability https://t.co/tj1sYk2Y8q https://t.co/Rzq2d7IlEB
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
OSTendarx9_pro_firmware

References

ReferenceLink
[email protected]https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md
[email protected]https://vuldb.com/?ctiid.281699
[email protected]https://vuldb.com/?id.281699
[email protected]https://vuldb.com/?submit.427706
[email protected]https://www.tenda.com.cn/

CWE Details

CWE IDCWE NameDescription
CWE-121Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence