Cyber Resilience

CVE-2024-0930

Medium · Public PoC

Published: 26 January 2024
Modified: 21 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 4.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0734 (91.9th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-0930 is a medium-severity stack-based buffer overflow (CWE-121) vulnerability in Tenda AC10U firmware. Its CVSS base score is 4.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 8.1% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

A stack-based buffer overflow vulnerability (CWE-121) exists in the fromSetWirelessRepeat function of Tenda AC10U firmware version 15.03.06.49_multi_TDE01. The issue stems from unsanitized input to the wpapsk_crypto argument and has been assigned CVE-2024-0930 with a CVSS 3.1 score of 4.7.

An authenticated administrator can trigger the flaw remotely over the network. Successful exploitation may allow limited corruption of memory on the device, though the CVSS vector rates the impact on confidentiality, integrity, and availability as Low (C:L/I:L/A:L).

Public proof-of-concept code has been published on GitHub, and the vulnerability record notes that the vendor was contacted prior to disclosure but provided no response or patch information. The associated EPSS score remains flat at 0.0734 with no material increase observed after publication.

Vulnerability details

A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190: Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The stack-based buffer overflow in the router's web management function fromSetWirelessRepeat (wpapsk_crypto parameter) is remotely exploitable, enabling adversaries to exploit a public-facing application for initial access, potentially leading to remote code execution.

Affected Assets

Vendor: tendacn
Product: ac10u firmware
Version: 15.03.06.49_multi_tde01

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
