CVE-2024-4112

HIGH

Tenda TX9 22.03.02.10 - Stack-based Buffer Overflow in SetVirtualServerCfg

Title source: llm

Description

A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. This affects the function sub_42CB94 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.261855

Permissions Required, Third Party Advisory, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.261855

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.317206

Broken Link exploit

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/formSetVirtualSer.md

Scores

CVSS v3 8.8

EPSS 0.0034

EPSS Percentile 56.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-121 CWE-787

Status published

Products (1)

tenda/tx9_pro_firmware 22.03.02.10

Published Apr 24, 2024

Tracked Since Feb 18, 2026