CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|
CVE-2024-9284: A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical. Affected by this issue is some unknown functionality of the file /userRpm/popupSiteSurveyRpm.htm. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 6.5 | Tp-link | - | - | |
CVE-2024-9043: Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Remote unauthenticated attackers can send crafted packets to crash the process, thereby bypassing authentication and obtaining system administrator privileges. | CVSS 9.8 | Cisco, et al | Exploit | - | |
CVE-2024-8408: A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Linksys | Exploit | - | |
CVE-2024-8231: A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | Exploit | - | |
CVE-2024-8230: A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-8229: A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-8228: A vulnerability was found in Tenda O5 1.0.0.8(5017). It has been classified as critical. This affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-8227: A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-8226: A vulnerability has been found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-8225: A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-8224: A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-7994: A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | CVSS 7.8 | Autodesk | - | Patched | |
CVE-2024-7992: A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | CVSS 7.8 | Autodesk | - | Patched | |
CVE-2024-7909: A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Totolink | Exploit | - | |
CVE-2024-7908: A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Totolink | Exploit | - | |
CVE-2024-7795: Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AppAuthenExchangeRandomNum BLE command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23384. | CVSS 8.8 | | - | - | |
CVE-2024-7784: During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | CVSS 6.1 | Axis | - | - | |
CVE-2024-7707: A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-7615: A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-7614: A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-7581: A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda, et al | Exploit | - | |
CVE-2024-7547: This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. 08/05/24 – ZDI made multiple attempts to report the vulnerability to the vendor via the oFono distribution list, Red Hat, and upstream Linux Kernel, but the vendor did not respond. The Linux Kernel informed ZDI that since it “has nothing to do with the Linux Kernel,” we should report it to the distribution list. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS 7.8 | Ofono project | Exploit | Patched | |
CVE-2024-7539: This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. 08/05/24 – ZDI made multiple attempts to report the vulnerability to the vendor via the oFono distribution list, Red Hat, and upstream Linux Kernel, but the vendor did not respond. The Linux Kernel informed ZDI that since it “has nothing to do with the Linux Kernel,” we should report it to the distribution list. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS 7.8 | Ofono project | Exploit | Patched | |
CVE-2024-7538: This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT Commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. 08/05/24 – ZDI made multiple attempts to report the vulnerability to the vendor via the oFono distribution list, Red Hat, and upstream Linux Kernel, but the vendor did not respond. The Linux Kernel informed ZDI that since it “has nothing to do with the Linux Kernel,” we should report it to the distribution list. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS 7.8 | Ofono project | Exploit | Patched | |
CVE-2024-7502: A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. | CVSS 7.8 | Deltaww | - | - | |
CVE-2024-7441: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been declared as critical. This vulnerability affects the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273526 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. | CVSS 9.8 | Vivotek | - | - | |
CVE-2024-7439: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. | CVSS 9.8 | Vivotek | - | - | |
CVE-2024-7152: A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | Exploit | - | |
CVE-2024-7151: A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-7013: Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | CVSS 7.8 | Panasonic | - | - | |
CVE-2024-6965: A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272119. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | Exploit | - | |
CVE-2024-6964: A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272118 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | Exploit | - | |
CVE-2024-6963: A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | Exploit | - | |
CVE-2024-6962: A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272116. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | Exploit | - | |
CVE-2024-6744: The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server. | CVSS 9.8 | Cisco, et al | - | - | |
CVE-2024-6403: A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269948. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda, et al | Exploit | - | |
CVE-2024-6402: A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269947. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 9.8 | Tenda, et al | Exploit | - | |
CVE-2024-6189: A vulnerability was found in Tenda A301 15.13.08.12. It has been classified as critical. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda, et al | Exploit | - | |
CVE-2024-6146: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. 08/03/23 – ZDI requested vendor PSIRT contact. 08/11/23 – ZDI asked for an update. 09/18/23 – ZDI asked for an update. 09/18/23 – The vendor sent an automated support ticket response. 10/20/23 – ZDI asked for an update. 02/27/24 – ZDI sent the report to Actiontec support. 03/27/24 – The vendor sent an automated support ticket response. 06/17/27 – The ZDI informed the vendor that since we’ve never received a formal response to the report, that we intend to publish the report as a zero-day advisory on 6/18/24. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS 8.8 | Actiontec | Exploit | - | |
CVE-2024-6144: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. 08/03/23 – ZDI requested vendor PSIRT contact. 08/11/23 – ZDI asked for an update. 09/18/23 – ZDI asked for an update. 09/18/23 – The vendor sent an automated support ticket response. 10/20/23 – ZDI asked for an update. 02/27/24 – ZDI sent the report to Actiontec support. 03/27/24 – The vendor sent an automated support ticket response. 06/17/27 – The ZDI informed the vendor that since we’ve never received a formal response to the report, that we intend to publish the report as a zero-day advisory on 6/18/24. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS 8.8 | Actiontec | Exploit | - | |
CVE-2024-6137: BT: Classic: SDP OOB access in get_att_search_list | CVSS 6.5 | Zephyrproject | Exploit | Patched | |
CVE-2024-5950: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart form variables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. 01/21/24 – ZDI requested a vendor PSIRT contact. 01/22/24 – The vendor provided contact information. 01/23/24 – ZDI reported the vulnerability to the vendor. 02/05/24 – The vendor states the report was blocked by IT and asked ZDI to resend the report. 02/12/24 – ZDI resent the report using an alternative method. 02/13/24 – The vendor asked why we performed tests on their products. 02/13/24 – ZDI provided the vendor with additional details about the ZDI program. 02/14/24 – The vendor asked what initiated the ZDI to look at the DSE855. 02/14/24 – ZDI emphasized our intent to responsibly disclose this vulnerability to Deep Sea for remediation. The ZDI also offered additional resources about coordinated vulnerability disclosure, as well as feedback on implementing a proper incident response process. We also reiterated our 120-day disclosure policy to ensure the vendor was aware they needed to respond with a patch within the allotted time. 05/24/24 – ZDI informed the vendor that since we never received a response that we have assume this vulnerability remains unpatched, and that we’re publishing this case as a zero-day advisory on 06/13/24. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS 8.8 | | Exploit | - | |
CVE-2024-5948: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart boundaries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. 01/21/24 – ZDI requested a vendor PSIRT contact. 01/22/24 – The vendor provided contact information. 01/23/24 – ZDI reported the vulnerability to the vendor. 02/05/24 – The vendor states the report was blocked by IT and asked ZDI to resend the report. 02/12/24 – ZDI resent the report using an alternative method. 02/13/24 – The vendor asked why we performed tests on their products. 02/13/24 – ZDI provided the vendor with additional details about the ZDI program. 02/14/24 – The vendor asked what initiated the ZDI to look at the DSE855. 02/14/24 – ZDI emphasized our intent to responsibly disclose this vulnerability to Deep Sea for remediation. The ZDI also offered additional resources about coordinated vulnerability disclosure, as well as feedback on implementing a proper incident response process. We also reiterated our 120-day disclosure policy to ensure the vendor was aware they needed to respond with a patch within the allotted time. 05/24/24 – ZDI informed the vendor that since we never received a response that we have assume this vulnerability remains unpatched, and that we’re publishing this case as a zero-day advisory on 06/13/24. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS 8.8 | | Exploit | - | |
CVE-2024-5931: BT: Unchecked user input in bap_broadcast_assistant | CVSS 6.5 | Zephyrproject | Exploit | Patched | |
CVE-2024-5602: A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products. Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy. | CVSS 7.8 | Ni | - | - | |
CVE-2024-5507: Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22266. | CVSS 7.8 | Luxion | Exploit | Patched | |
CVE-2024-5305: Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22921. | CVSS 7.8 | Tungstenautomation, et al | Exploit | - | |
CVE-2024-5293: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. 08/09/23 – ZDI reported the vulnerability to the vendor. 08/24/23 – The vendor communicated that the case would be fixed in Q4, 2023 release. 05/01/24 – ZDI notified the vendor of the intention to publish the case as 0-day advisory on 05/14/24. Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. | CVSS Low | Dlink | Exploit | - | |
CVE-2024-52572: A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486) | CVSS 7.8 | Siemens | - | - | |
CVE-2024-5242: TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522. | CVSS Low | Tp-link | Exploit | - | |
CVE-2024-47962: Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | CVSS 7.8 | Deltaww | - | - | |
CVE-2024-47939: Stack-based buffer overflow vulnerability exists in multiple Ricoh laser printers and MFPs which implement Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created and sent by an attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. As for the details of affected product names and versions, refer to the information provided by the vendor under [References]. | CVSS HIGH | Ricoh | - | - | |
CVE-2024-47909: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | CVSS 4.9 | Ivanti | - | Patched | |
CVE-2024-47907: A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | CVSS 7.5 | Ivanti | - | Patched | |
CVE-2024-47905: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | CVSS 4.9 | Ivanti | - | Patched | |
CVE-2024-47410: Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | Adobe | - | Patched | |
CVE-2024-47135: Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. | CVSS 7.8 | Jtekt | - | Patched | |
CVE-2024-47131If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code. | CVSS 7.8 | - | - | ||
CVE-2024-47072XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver. | CVSS 7.5 | Xstream project | - | Patched | |
CVE-2024-46325TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in the /userRpm/popupSiteSurveyRpm.htm URL. | CVSS 5.5 | Tp-link | - | - | |
CVE-2024-46313TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. | CVSS 8 | Tp-link | - | - | |
CVE-2024-46049Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-46047Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function. | CVSS 7.5 | Tenda | Exploit | - | |
CVE-2024-46046Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-46045Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-46044CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. | CVSS 9.8 | Oracle, et al | Exploit | - | |
CVE-2024-45695The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | CVSS 9.8 | Dlink | - | - | |
CVE-2024-45694The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | CVSS 9.8 | Dlink | - | - | |
CVE-2024-4550A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code. | CVSS 6.7 | Lenovo | - | - | |
CVE-2024-45415The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. | CVSS 9.8 | - | - | ||
CVE-2024-45414The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. | CVSS 9.8 | - | - | ||
CVE-2024-45413The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability. | CVSS 8.1 | - | - | ||
CVE-2024-45158An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.) | CVSS 9.8 | Arm | - | - | |
CVE-2024-4497A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. This vulnerability affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263086 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | - | - | |
CVE-2024-4496A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. This affects the function formWifiMacFilterSet. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263085 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | - | - | |
CVE-2024-4495A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this issue is the function formWifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263084. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | - | - | |
CVE-2024-4494A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this vulnerability is the function formSetUplinkInfo of the file /goform/setUplinkInfo. The manipulation of the argument pingHostIp2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263083. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | - | - | |
CVE-2024-4493A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). Affected is the function formSetAutoPing. The manipulation of the argument ping1/ping2 leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263082 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | - | - | |
CVE-2024-4492A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). This issue affects the function formOfflineSet of the file /goform/setStaOffline. The manipulation of the argument GO/ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263081 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | - | - | |
CVE-2024-4491A vulnerability classified as critical was found in Tenda i21 1.0.0.14(4656). This vulnerability affects the function formGetDiagnoseInfo. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263080. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | CVSS 8.8 | Tenda | - | - | |
CVE-2024-44859Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`. | CVSS 8 | Tenda | - | - | |
CVE-2024-44674D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src. | CVSS 5.7 | Dlink | - | - | |
CVE-2024-44589Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute arbitrary code. | CVSS 8.8 | Dlink | - | - | |
CVE-2024-44565Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-44563Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-44558Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-44557Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-44556Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-44553Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-44550Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-44549Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. | CVSS 9.8 | Tenda | Exploit | - | |
CVE-2024-44390Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset. | CVSS 8.8 | Tenda | - | - | |
CVE-2024-44387Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlExtraGet. | CVSS 6.5 | Tenda | - | - | |
CVE-2024-44386Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind. | CVSS 7.3 | Tenda | - | - | |
CVE-2024-43700xfpt versions prior to 1.01 fail to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked into processing a specially crafted file, arbitrary code may be executed on the user's environment. | CVSS 7.8 | Sap | - | Patched | |
CVE-2024-43689Stack-based buffer overflow vulnerability exists in WAB-I1750-PS and WAB-S1167-PS. By processing a specially crafted HTTP request, arbitrary code may be executed. | CVSS 9.8 | Elecom | - | Patched | |
CVE-2024-43630Windows Kernel Elevation of Privilege Vulnerability | CVSS 7.8 | Microsoft | - | Patched | |
CVE-2024-43549Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVSS 8.8 | Microsoft | - | Patched | |
CVE-2024-43032autMan v2.9.6 allows attackers to bypass authentication via a crafted web request. | CVSS 4.3 | - | - | ||
CVE-2024-43031autMan v2.9.6 was discovered to contain an access control issue. | CVSS 4.3 | - | - |