Description

A vulnerability was found in Tenda i6 1.0.0.9(3857). It has been classified as critical. Affected is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine kritische Schwachstelle in Tenda i6 1.0.0.9(3857) ausgemacht. Dabei betrifft es die Funktion formWifiMacFilterGet der Datei /goform/WifiMacFilterGet der Komponente httpd. Mittels Manipulieren des Arguments index mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2024-0993

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor: Tenda

Product: i6

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 21.9% (scored less or equal to compared to others)

EPSS Date: 2025-06-08 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-0993
https://vuldb.com/?id.252258
https://vuldb.com/?ctiid.252258
https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formWifiMacFilterGet-8b2c5cb67e2a433cad62d737782a7e0f?pvs=4

Timeline