Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-23967

Summary
Assigner-ASRG
Assigner Org ID-c15abc07-96a9-4d11-a503-5d621bfe42ba
Published At-28 Sep, 2024 | 06:12
Updated At-03 Oct, 2024 | 13:41
Rejected At-
Credits

Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability

Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of base64-encoded data within WebSocket messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23230

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ASRG
Assigner Org ID:c15abc07-96a9-4d11-a503-5d621bfe42ba
Published At:28 Sep, 2024 | 06:12
Updated At:03 Oct, 2024 | 13:41
Rejected At:
▼CVE Numbering Authority (CNA)
Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability

Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of base64-encoded data within WebSocket messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23230

Affected Products
Vendor
Autel
Product
MaxiCharger AC Elite Business C50
Default Status
unknown
Versions
Affected
  • 1.32.00
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-24-853/
x_research-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-24-853/
Resource:
x_research-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
autel
Product
maxicharger_ac_elite_business_c50_firmware
CPEs
  • cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 1.35 (custom)
Vendor
autel
Product
maxicharger_ac_elite_business_c50_eu_firmware
CPEs
  • cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_eu_firmware:1.50:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 1.50 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@asrg.io
Published At:28 Sep, 2024 | 07:15
Updated At:03 Oct, 2024 | 17:37

Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of base64-encoded data within WebSocket messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23230

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
autel
autel
>>maxicharger_ac_elite_business_c50_firmware>>1.32.00
cpe:2.3:o:autel:maxicharger_ac_elite_business_c50_firmware:1.32.00:*:*:*:*:*:*:*
autel
autel
>>maxicharger_ac_elite_business_c50>>-
cpe:2.3:h:autel:maxicharger_ac_elite_business_c50:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-121Secondarycve@asrg.io
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: cve@asrg.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zerodayinitiative.com/advisories/ZDI-24-853/cve@asrg.io
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-24-853/
Source: cve@asrg.io
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

68Records found
CVE-2023-46552
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.24% / 47.55%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x2000rx2000r_firmwaren/ax2000r_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-28535
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.33% / 55.55%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 00:00
Updated-02 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18_firmwaren/aac18_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-48330
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-8||HIGH
EPSS-0.04% / 12.17%
||
7 Day CHG~0.00%
Published-16 Jun, 2023 | 12:51
Updated-17 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Huawei sound box product has an out-of-bounds write vulnerability. Attackers can exploit this vulnerability to cause buffer overflow. Affected product versions include:FLMG-10 versions FLMG-10 10.0.1.0(H100SP22C00).

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-flmg-10_firmwareflmg-10FLMG-10
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-25756
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.98% / 75.84%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 00:00
Updated-13 Mar, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formWifiBasicSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9ac9_firmwaren/aac9v3.0_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-20708
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-11.20% / 93.22%
||
7 Day CHG~0.00%
Published-10 Feb, 2022 | 17:06
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv345prv340_firmwarerv345rv340rv340wrv340w_firmwarerv345_firmwarerv345p_firmwareCisco Small Business RV Series Router FirmwareSmall Business RV160, RV260, RV340, and RV345 Series Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-27302
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-8||HIGH
EPSS-0.36% / 57.76%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 12:24
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8195artl8710c_firmwarertl8710crtl8195a_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-27301
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-8||HIGH
EPSS-1.05% / 76.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 12:24
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.

Action-Not Available
Vendor-n/aRealtek Semiconductor Corp.
Product-rtl8195artl8710c_firmwarertl8710crtl8195a_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25679
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.04% / 10.89%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 00:00
Updated-24 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2017-1000251
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-2.92% / 85.84%
||
7 Day CHG-0.46%
Published-12 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.NVIDIA Corporation
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationjetson_tx1linux_kernelenterprise_linux_server_eusdebian_linuxenterprise_linux_serverjetson_tk1enterprise_linux_server_ausn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24973
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 3.98%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13992.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-tl-wr940ntl-wr940n_firmwareTL-WR940N
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-46553
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.24% / 47.55%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x2000rx2000r_firmwaren/ax2000r_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.39% / 59.08%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x2000rx2000r_firmwaren/ax2000r_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12865
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.48% / 64.29%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 12:52
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.

Action-Not Available
Vendor-sane-projectn/aCanonical Ltd.openSUSEDebian GNU/Linux
Product-ubuntu_linuxsane_backendsdebian_linuxleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0650
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 3.98%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13993.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-tl-wr940ntl-wr940n_firmwareTL-WR940N
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-1901
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-5.9||MEDIUM
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 04:37
Updated-07 Nov, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCI send_sync Dangling Semaphore Reference Re-use

The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyrzephyr
CWE ID-CWE-672
Operation on a Resource after Expiration or Release
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-34551
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-2.81% / 85.58%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 00:00
Updated-21 Oct, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote).

Action-Not Available
Vendor-ezvizn/aezviz
Product-cs-cv310-a0-1c2wfr-ccs-cv248-a0-32wmfr_firmwarecs-c6n-r101-1g2wfcs-c6n-r101-1g2wf_firmwarecs-cv310-a0-3c2wfrl-1080plc1ccs-c6n-b0-1g2wf_firmwarecs-cv310-a0-1c2wfr_firmwarelc1c_firmwarecs-cv310-a0-1b2wfrcs-c6n-b0-1g2wfcs-cv248-a0-32wmfrcs-cv310-a0-1c2wfrcs-c6n-a0-1c2wfr-mulcs-c6n-a0-1c2wfr-mul_firmwarecs-cv310-a0-1b2wfr_firmwarecs-cv310-a0-1c2wfr-c_firmwarecs-cv310-a0-3c2wfrl-1080p_firmwaren/acs-cv310-a0-1c2wfrcs-cv248-a0-32wmfr_firmwarecs-c6n-a0-1c2wfr-mul_firmwarecs-cv310-a0-1b2wfr_firmwarecs-c6n-r101-1g2wf_firmwarecs-cv310-a0-1c2wfr-c_firmwarecs-cv310-a0-3c2wfrl-1080p_firmwarecs-c6n-b0-1g2wf_firmwarelc1c_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-46313
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.10% / 27.94%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 00:00
Updated-09 Jul, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-wr941nd_firmwarewr941ndn/atl-wr941nd
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-30607
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.11% / 30.29%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:00
Updated-13 Mar, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1203_firmwarefh1203n/afh1203_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
  • Previous
  • 1
  • 2
  • Next
Details not found