Details of VAR-202407-2403

ID

VAR-202407-2403

CVE

CVE-2024-7151

TITLE

Shenzhen Tenda Technology Co.,Ltd. of o3 Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-009503

DESCRIPTION

A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of o3 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda O3 has a buffer overflow vulnerability, which is caused by the parameter remark failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-7151 // JVNDB: JVNDB-2024-009503 // CNVD: CNVD-2025-10780

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-10780

AFFECTED PRODUCTS

vendor:	tenda	model:	o3	scope:	eq	version:	1.0.0.10\(2478\)	Trust: 1.0
vendor:	tenda	model:	o3	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	o3	scope:	eq	version:	o3 firmware 1.0.0.10(2478)	Trust: 0.8
vendor:	tenda	model:	o3	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	o3	scope:	eq	version:	1.0.0.10(2478)	Trust: 0.6

sources: CNVD: CNVD-2025-10780 // JVNDB: JVNDB-2024-009503 // NVD: CVE-2024-7151

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2024-7151
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2024-7151
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2024-009503
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-10780
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2024-7151
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2024-009503
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-10780
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2024-7151
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-7151
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2024-009503
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-10780 // JVNDB: JVNDB-2024-009503 // NVD: CVE-2024-7151 // NVD: CVE-2024-7151

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-009503 // NVD: CVE-2024-7151

EXTERNAL IDS

db:	NVD	id:	CVE-2024-7151	Trust: 3.2
db:	VULDB	id:	272554	Trust: 2.4
db:	JVNDB	id:	JVNDB-2024-009503	Trust: 0.8
db:	CNVD	id:	CNVD-2025-10780	Trust: 0.6

sources: CNVD: CNVD-2025-10780 // JVNDB: JVNDB-2024-009503 // NVD: CVE-2024-7151

REFERENCES

url:	https://vuldb.com/?id.272554	Trust: 2.4
url:	https://github.com/noahze01/iot-vulnerable/blob/main/tenda/o3v2.0/frommacfilterset.md	Trust: 1.8
url:	https://vuldb.com/?submit.377040	Trust: 1.8
url:	https://vuldb.com/?ctiid.272554	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-7151	Trust: 0.8

sources: CNVD: CNVD-2025-10780 // JVNDB: JVNDB-2024-009503 // NVD: CVE-2024-7151

SOURCES

db:	CNVD	id:	CNVD-2025-10780
db:	JVNDB	id:	JVNDB-2024-009503
db:	NVD	id:	CVE-2024-7151

LAST UPDATE DATE

2025-05-28T23:12:23.432000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-10780	date:	2025-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2024-009503	date:	2024-10-02T00:48:00
db:	NVD	id:	CVE-2024-7151	date:	2024-10-01T20:28:02.453

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-10780	date:	2025-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2024-009503	date:	2024-10-02T00:00:00
db:	NVD	id:	CVE-2024-7151	date:	2024-07-27T20:15:09.650