ID
VAR-202404-1583
CVE
CVE-2024-32317
TITLE
Shenzhen Tenda Technology Co.,Ltd. of AC10 Stack-based buffer overflow vulnerability in firmware
Trust: 0.8
DESCRIPTION
Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Information may be obtained and information may be tampered with. Tenda A18 is a dual-band Gigabit wireless router, mainly for 200M and above fiber users. Tenda AC10 has a buffer overflow vulnerability, which is caused by the adslPwd parameter of the formWanParameterSetting method failing to correctly verify the length of the input data. No detailed vulnerability details are currently provided
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tenda | model: | ac10 | scope: | eq | version: | 16.03.10.13 | Trust: 1.6 |
| vendor: | tenda | model: | ac10 | scope: | eq | version: | 16.03.10.20 | Trust: 1.6 |
| vendor: | tenda | model: | ac10 | scope: | eq | version: | ac10 firmware 16.03.10.13 | Trust: 0.8 |
| vendor: | tenda | model: | ac10 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | ac10 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | ac10 | scope: | eq | version: | ac10 firmware 16.03.10.20 | Trust: 0.8 |
| vendor: | tenda | model: | ac10 | scope: | eq | version: | 4.0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-121 | Trust: 1.0 |
| problemtype: | Stack-based buffer overflow (CWE-121) [ others ] | Trust: 0.8 |
PATCH
| title: | Patch for Tenda AC10 Buffer Overflow Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/710301 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-32317 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2024-020537 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-16320 | Trust: 0.6 |
REFERENCES
| url: | https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac10/v16.03.10.13/formwanparametersetting.md | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-32317 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-16320 |
| db: | JVNDB | id: | JVNDB-2024-020537 |
| db: | NVD | id: | CVE-2024-32317 |
LAST UPDATE DATE
2025-07-20T23:20:50.708000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-16320 | date: | 2025-07-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-020537 | date: | 2025-03-18T03:14:00 |
| db: | NVD | id: | CVE-2024-32317 | date: | 2025-03-17T14:22:37.120 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-16320 | date: | 2025-07-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-020537 | date: | 2025-03-18T00:00:00 |
| db: | NVD | id: | CVE-2024-32317 | date: | 2024-04-17T16:15:09.073 |