Sign-up

ID

VAR-202411-1477


CVE

CVE-2024-52714


TITLE

Shenzhen Tenda Technology Co.,Ltd.  of  AC6  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-013239

DESCRIPTION

Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime. Shenzhen Tenda Technology Co.,Ltd. of AC6 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the function fromSetSysTime failing to correctly verify the length of the input data. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2024-52714 // JVNDB: JVNDB-2024-013239 // CNVD: CNVD-2025-15732

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15732

AFFECTED PRODUCTS

vendor:tendamodel:ac6scope:eqversion:15.03.06.50_multi

Trust: 1.0

vendor:tendamodel:ac6scope: - version: -

Trust: 0.8

vendor:tendamodel:ac6scope:eqversion:ac6 firmware 15.03.06.50 multi

Trust: 0.8

vendor:tendamodel:ac6scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac6scope:eqversion:2.0

Trust: 0.6

vendor:tendamodel:ac6scope:eqversion:15.03.06.50

Trust: 0.6

sources: CNVD: CNVD-2025-15732 // JVNDB: JVNDB-2024-013239 // NVD: CVE-2024-52714

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-52714
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-52714
value: HIGH

Trust: 1.0

NVD: CVE-2024-52714
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-15732
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-15732
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-52714
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-52714
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2024-52714
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15732 // JVNDB: JVNDB-2024-013239 // NVD: CVE-2024-52714 // NVD: CVE-2024-52714

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-013239 // NVD: CVE-2024-52714

PATCH

title:Patch for Tenda AC6 Buffer Overflow Vulnerability (CNVD-2025-15732)url:https://www.cnvd.org.cn/patchInfo/show/709106

Trust: 0.6

sources: CNVD: CNVD-2025-15732

EXTERNAL IDS

db:NVDid:CVE-2024-52714

Trust: 3.2

db:JVNDBid:JVNDB-2024-013239

Trust: 0.8

db:CNVDid:CNVD-2025-15732

Trust: 0.6

sources: CNVD: CNVD-2025-15732 // JVNDB: JVNDB-2024-013239 // NVD: CVE-2024-52714

REFERENCES

url:http://tenda.com

Trust: 2.4

url:https://github.com/clan-nad/cve/blob/main/tenda/fromsetsystime/1.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-52714

Trust: 0.8

sources: CNVD: CNVD-2025-15732 // JVNDB: JVNDB-2024-013239 // NVD: CVE-2024-52714

SOURCES

db:CNVDid:CNVD-2025-15732
db:JVNDBid:JVNDB-2024-013239
db:NVDid:CVE-2024-52714

LAST UPDATE DATE

2025-07-17T23:46:04.002000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-15732date:2025-07-15T00:00:00
db:JVNDBid:JVNDB-2024-013239date:2024-11-21T03:23:00
db:NVDid:CVE-2024-52714date:2024-11-20T20:35:15.260

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-15732date:2025-07-15T00:00:00
db:JVNDBid:JVNDB-2024-013239date:2024-11-21T00:00:00
db:NVDid:CVE-2024-52714date:2024-11-19T19:15:08.680