CVE-2024-35571

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-35571
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://detailed-stetson-767.notion.site/Tenda-AX1806-Buffer-Overflow-in-formSetIptv-cebf9202122a4582ae86c5253b3f6da3?pvs=4 Exploit Third Party Advisory Broken Link
https://detailed-stetson-767.notion.site/Tenda-AX1806-Buffer-Overflow-in-formSetIptv-cebf9202122a4582ae86c5253b3f6da3?pvs=4 Exploit Third Party Advisory Broken Link
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:ax1806_firmware:1.0.0.1:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ax1806:-:*:*:*:*:*:*:*
History

17 Mar 2025, 14:28

Type Values Removed Values Added
First Time Tenda
Tenda ax1806
Tenda ax1806 Firmware
CPE cpe:2.3:o:tenda:ax1806_firmware:1.0.0.1:*:*:*:*:*:*:*
cpe:2.3:h:tenda:ax1806:-:*:*:*:*:*:*:*
References () https://detailed-stetson-767.notion.site/Tenda-AX1806-Buffer-Overflow-in-formSetIptv-cebf9202122a4582ae86c5253b3f6da3?pvs=4 - () https://detailed-stetson-767.notion.site/Tenda-AX1806-Buffer-Overflow-in-formSetIptv-cebf9202122a4582ae86c5253b3f6da3?pvs=4 - Exploit, Third Party Advisory, Broken Link
Information

Published : 2024-05-20 18:15

Updated : 2025-03-17 14:28

NVD link : CVE-2024-35571

Mitre link : CVE-2024-35571

CVE.ORG link : CVE-2024-35571

JSON object : View

Products Affected

tenda

  • ax1806_firmware
  • ax1806
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')