Key information

Vulnerability IDs:
- VDB-281557
- CVE-2024-10282

Affected products:
- Tenda RX9
- Tenda RX9 Pro

Affected versions:
- 22.03.02.10
- 22.03.02.20

Vulnerability description:
- Vulnerability type: List stack-based overflow
- Vulnerable location: /goform/SetVirtualServerCfg
- Vulnerable function: sub_42EA38
- Impact: Stack-based buffer overflow

CVSS Meta Temp Score: 8.0
Current exploit price: $0-$5k
CTI interest score: 1.31

Impact: Affects confidentiality, integrity, and availability

Disclosure status: The vulnerability is known as CVE-2024-10282. The exploitation appears to be easy. The attack can be launched remotely. Technical details and also a public exploit are known.

Exploit download: It is possible to download the exploit at gitee.com. It is declared as proof-of-concept.

Recommended measures: There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Related vulnerability IDs: VDB-208091, VDB-211825, VDB-231096, VDB-237950

Product information:
- Vendor: Tenda

Summary

This vulnerability is a stack overflow that affects the SetVirtualServerCfg function of the Tenda RX9 and RX9 Pro. Its CVSS Meta Temp Score is 8.0, which indicates its severity. The current exploit price is $0-$5k and the CTI interest score is 1.31. The vulnerability is highly public: technical details and a public exploit are known. Replacing the affected product is recommended to prevent further security risk.