CVE-2024-45415

CRITICAL

ZTE Multiple Routers - Stack-based Buffer Overflow in HTTPD check_data_integrity Function

Title source: llm

Description

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability.

References (1)

Core 1

Core References

Various Sources

https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory/

Scores

CVSS v3 9.8

EPSS 0.0048

EPSS Percentile 37.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-121

Status published

Published Sep 16, 2024

Tracked Since Feb 18, 2026