Details of VAR-202403-0815

ID

VAR-202403-0815

CVE

CVE-2024-2814

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC15 Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-003037

DESCRIPTION

A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of AC15 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. in October 2015. It supports the 802.11ac protocol and offers a theoretical transmission rate of 1900 Mbps (600 Mbps in the 2.4 GHz band and 1300 Mbps in the 5 GHz band). This vulnerability stems from the failure to properly validate the length of the input data in the "page" parameter of the "fromDhcpListClient" method in the "/goform/DhcpListClient" page. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-2814 // JVNDB: JVNDB-2024-003037 // CNVD: CNVD-2025-24298

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-24298

AFFECTED PRODUCTS

vendor:	tenda	model:	ac15	scope:	eq	version:	15.03.05.20_multi	Trust: 1.0
vendor:	tenda	model:	ac15	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ac15	scope:	eq	version:	ac15 firmware 15.03.05.20 multi	Trust: 0.8
vendor:	tenda	model:	ac15	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac15 15.03.20 multi	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-24298 // JVNDB: JVNDB-2024-003037 // NVD: CVE-2024-2814

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-2814
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-2814
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2024-2814
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-24298
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-2814
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-24298
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-2814
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-2814
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-2814
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-24298 // JVNDB: JVNDB-2024-003037 // NVD: CVE-2024-2814 // NVD: CVE-2024-2814

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-003037 // NVD: CVE-2024-2814

PATCH

title:

Patch for Tenda AC15 fromDhcpListClient method stack buffer overflow vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/743896

Trust: 0.6

sources: CNVD: CNVD-2025-24298

EXTERNAL IDS

db:	NVD	id:	CVE-2024-2814	Trust: 3.2
db:	VULDB	id:	257669	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-003037	Trust: 0.8
db:	CNVD	id:	CNVD-2025-24298	Trust: 0.6

sources: CNVD: CNVD-2025-24298 // JVNDB: JVNDB-2024-003037 // NVD: CVE-2024-2814

REFERENCES

url:	https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac15/v1.0%20v15.03.20_multi/fromdhcplistclient_page.md	Trust: 1.8
url:	https://vuldb.com/?id.257669	Trust: 1.8
url:	https://vuldb.com/?ctiid.257669	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-2814	Trust: 0.8
url:	https://www.jenkins.io/security/advisory/2024-03-06/#security	Trust: 0.6

sources: CNVD: CNVD-2025-24298 // JVNDB: JVNDB-2024-003037 // NVD: CVE-2024-2814

SOURCES

db:	CNVD	id:	CNVD-2025-24298
db:	JVNDB	id:	JVNDB-2024-003037
db:	NVD	id:	CVE-2024-2814

LAST UPDATE DATE

2025-11-19T23:16:15.288000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-24298	date:	2025-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2024-003037	date:	2024-03-28T01:20:00
db:	NVD	id:	CVE-2024-2814	date:	2024-05-17T02:38:31.880

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-24298	date:	2025-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2024-003037	date:	2024-03-28T00:00:00
db:	NVD	id:	CVE-2024-2814	date:	2024-03-22T07:15:47.447