CVE-2024-2807 - Vulnerability Details - OpenCVE

A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Tenda	Ac15 Ac15 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:::::::*
	cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:::::::*

cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md
https://vuldb.com/?ctiid.257662
https://vuldb.com/?id.257662

History

Thu, 10 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:h:tenda:ac15:-:::::::*
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-03-22T04:31:05.417Z

Updated: 2025-04-10T20:11:54.920Z

Reserved: 2024-03-21T21:33:54.048Z

Link: CVE-2024-2807

Vulnrichment

Updated: 2024-08-01T19:25:41.694Z

NVD

Status : Modified

Published: 2024-03-22T05:15:48.807

Modified: 2024-11-21T09:10:34.117

Link: CVE-2024-2807

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2807", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-03-21T21:33:54.048Z", "datePublished": "2024-03-22T04:31:05.417Z", "dateUpdated": "2025-04-10T20:11:54.920Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-03-22T04:31:05.417Z"}, "title": "Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "affected": [{"vendor": "Tenda", "product": "AC15", "versions": [{"version": "15.03.05.18", "status": "affected"}, {"version": "15.03.20_multi", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In Tenda AC15 15.03.05.18/15.03.20_multi wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formExpandDlnaFile der Datei /goform/expandDlnaFile. Durch das Beeinflussen des Arguments filePath mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "timeline": [{"time": "2024-03-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-03-21T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-03-21T22:38:57.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "yhryhryhr_miemie (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.257662", "name": "VDB-257662 | Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.257662", "name": "VDB-257662 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "tenda", "product": "ac15", "cpes": ["cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "15.03.05.18", "status": "affected"}, {"version": "15.03.20_multi", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-25T16:38:21.385456Z", "id": "CVE-2024-2807", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T20:11:54.920Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:41.694Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.257662", "name": "VDB-257662 | Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.257662", "name": "VDB-257662 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md", "tags": ["exploit", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.257662", "name": "VDB-257662 | Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.257662", "name": "VDB-257662 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:41.694Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2807", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-25T16:38:21.385456Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*"], "vendor": "tenda", "product": "ac15", "versions": [{"status": "affected", "version": "15.03.05.18"}, {"status": "affected", "version": "15.03.20_multi"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T14:20:28.494Z"}}], "cna": {"title": "Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "yhryhryhr_miemie (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "affected": [{"vendor": "Tenda", "product": "AC15", "versions": [{"status": "affected", "version": "15.03.05.18"}, {"status": "affected", "version": "15.03.20_multi"}]}], "timeline": [{"lang": "en", "time": "2024-03-21T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-03-21T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-03-21T22:38:57.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.257662", "name": "VDB-257662 | Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.257662", "name": "VDB-257662 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In Tenda AC15 15.03.05.18/15.03.20_multi wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formExpandDlnaFile der Datei /goform/expandDlnaFile. Durch das Beeinflussen des Arguments filePath mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-03-22T04:31:05.417Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2807", "state": "PUBLISHED", "dateUpdated": "2025-04-10T20:11:54.920Z", "dateReserved": "2024-03-21T21:33:54.048Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-03-22T04:31:05.417Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "matchCriteriaId": "56881C41-A993-45CC-BAE6-E9DE17FA56E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi:*:*:*:*:*:*:*", "matchCriteriaId": "BAF4BBA3-7C56-4383-B167-933075D5C39F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5059CAD-BD1A-4808-BCED-006444E60701", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Tenda AC15 15.03.05.18/15.03.20_multi y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n formExpandDlnaFile del archivo /goform/expandDlnaFile. La manipulaci\u00f3n del argumento filePath conduce a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-257662 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-2807", "lastModified": "2024-11-21T09:10:34.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-22T05:15:48.807", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.257662"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.257662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.257662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.257662"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Secondary"}]}