Vulnerability Description
A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function set_repeat5 of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g/wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | A15 Firmware | 15.13.07.13 |
| Tenda | A15 | - |
Related Weaknesses (CWE)
References
- https://github.com/yaoyue123/iot/blob/main/Tenda/A15/WifExtraSet.mdExploitThird Party Advisory
- https://vuldb.com/?ctiid.250702Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.250702Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?submit.262690
- https://www.tenda.com.cn/
- https://github.com/yaoyue123/iot/blob/main/Tenda/A15/WifExtraSet.mdExploitThird Party Advisory
- https://vuldb.com/?ctiid.250702Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.250702Permissions RequiredThird Party AdvisoryVDB Entry
FAQ
What is CVE-2024-0532?
CVE-2024-0532 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function set_repeat5 of the file /goform/WifiExtraSet of the component Web-based Ma...
How severe is CVE-2024-0532?
CVE-2024-0532 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-0532?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda A15 Firmware, Tenda A15.