ID

VAR-202502-0396


CVE

CVE-2024-46431


TITLE

Classic buffer overflow vulnerability in Shenzhen Tenda Technology Co.,Ltd. w18e firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-020922

DESCRIPTION

Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function. Shenzhen Tenda Technology Co.,Ltd. w18e firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda W18E has a buffer overflow vulnerability, which is caused by the delWewifiPic function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

Trust: 2.16

sources: NVD: CVE-2024-46431 // JVNDB: JVNDB-2024-020922 // CNVD: CNVD-2025-09400

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-09400

AFFECTED PRODUCTS

vendor: tenda, model: w18e, scope: eq, version: 16.01.0.8\(1625\)

Trust: 1.0

vendor: tenda, model: w18e, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: w18e, scope: -, version: -

Trust: 0.8

vendor: tenda, model: w18e, scope: eq, version: w18e firmware 16.01.0.8(1625)

Trust: 0.8

vendor: tenda, model: w18e, scope: eq, version: 16.01.0.8(1625)

Trust: 0.6

sources: CNVD: CNVD-2025-09400 // JVNDB: JVNDB-2024-020922 // NVD: CVE-2024-46431

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-46431
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-020922
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-09400
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-09400
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-46431
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-020922
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-09400 // JVNDB: JVNDB-2024-020922 // NVD: CVE-2024-46431

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020922 // NVD: CVE-2024-46431

EXTERNAL IDS

db: NVD, id: CVE-2024-46431

Trust: 3.2

db: JVNDB, id: JVNDB-2024-020922

Trust: 0.8

db: CNVD, id: CNVD-2025-09400

Trust: 0.6

sources: CNVD: CNVD-2025-09400 // JVNDB: JVNDB-2024-020922 // NVD: CVE-2024-46431

REFERENCES

url:https://reddassolutions.com/blog/tenda_w18e_security_research

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-46431

Trust: 1.4

sources: CNVD: CNVD-2025-09400 // JVNDB: JVNDB-2024-020922 // NVD: CVE-2024-46431

SOURCES

db: CNVD, id: CNVD-2025-09400
db: JVNDB, id: JVNDB-2024-020922
db: NVD, id: CVE-2024-46431

LAST UPDATE DATE

2025-05-13T23:03:35.639000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-09400, date: 2025-05-12T00:00:00
db: JVNDB, id: JVNDB-2024-020922, date: 2025-03-26T02:10:00
db: NVD, id: CVE-2024-46431, date: 2025-03-25T18:12:49.380

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-09400, date: 2025-05-09T00:00:00
db: JVNDB, id: JVNDB-2024-020922, date: 2025-03-26T00:00:00
db: NVD, id: CVE-2024-46431, date: 2025-02-10T19:15:38.390