CRITICAL🇵🇱 Wersja polska

CVE-2024-32286

CVSS 9.8v3.1pub. 2024-04-17upd. 2025-03-17

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.

🤖 AI Analysis
How it works

An attacker sends a crafted network request containing an excessively long value of the 'page' parameter passed to the fromVirtualSer function in the device firmware. Lack of proper input length validation causes a stack buffer overflow (CWE-125), which allows overwriting critical memory areas. The attack requires no authentication or user interaction and can be conducted remotely over the network.

Impact

Successful exploitation of the vulnerability may allow an attacker to take full control of the device, including arbitrary code execution (RCE), as well as breach of confidentiality, integrity and availability of the system.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. It is also recommended to restrict access to the device management interface only to trusted networks and to disable remote access to the admin panel if not required.

Who is affected

Tenda W30E firmware version v1.0 V1.0.1.25(633)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda W30e

    HW
    Tenda
    wszystkie wersje
  • Tenda W30e Firmware

    OS
    Tenda
    1.0.1.25\(633\)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-38835CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda W30E via parametr usbPartitionName

CVE-2026-24429CRITICAL9.3PL ✓ten sam produkt

Tenda W30E V2 — predefiniowane domyślne hasło w firmware umożliwia nieautoryzowany dostęp

CVE-2026-24436CRITICAL9.2PL ✓ten sam produkt

Brak ograniczenia prób logowania w Tenda W30E — atak brute-force

CVE-2025-57085CRITICAL9.8PL ✓ten sam produkt

Tenda W30E — stack overflow w funkcji UploadCfg (parametr v17)

CVE-2023-49403CRITICAL9.8PL ✓ten sam produkt

Command injection w routerze Tenda W30E poprzez funkcję setFixTools