ID
VAR-202409-1458
CVE
CVE-2024-46652
TITLE
Shenzhen Tenda Technology Co.,Ltd. of AC8 Out-of-bounds write vulnerability in firmware
Trust: 0.8
DESCRIPTION
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. Shenzhen Tenda Technology Co.,Ltd. of AC8 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tenda | model: | ac8 | scope: | eq | version: | 16.03.34.06 | Trust: 1.0 |
| vendor: | tenda | model: | ac8 | scope: | eq | version: | ac8 firmware 16.03.34.06 | Trust: 0.8 |
| vendor: | tenda | model: | ac8 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | ac8 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | tenda | model: | ac8v4 | scope: | eq | version: | v16.03.34.06 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.0 |
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | Classic buffer overflow (CWE-120) [ others ] | Trust: 0.8 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD evaluation ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-46652 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2024-020818 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2024-39363 | Trust: 0.6 |
REFERENCES
| url: | https://github.com/zp9080/tenda/blob/main/tenda-ac8v4%20v16.03.34.06-fromadvsetmacmtuwan/overview.md | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-46652 | Trust: 1.4 |
SOURCES
| db: | CNVD | id: | CNVD-2024-39363 |
| db: | JVNDB | id: | JVNDB-2024-020818 |
| db: | NVD | id: | CVE-2024-46652 |
LAST UPDATE DATE
2025-03-28T02:25:04.978000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-39363 | date: | 2024-09-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-020818 | date: | 2025-03-24T09:36:00 |
| db: | NVD | id: | CVE-2024-46652 | date: | 2025-03-17T15:00:28.117 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-39363 | date: | 2024-09-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-020818 | date: | 2025-03-24T00:00:00 |
| db: | NVD | id: | CVE-2024-46652 | date: | 2024-09-20T16:15:05.063 |