CVE-2024-32293
Published: 17 April 2024
Summary
CVE-2024-32293 is a high-severity stack-based buffer overflow (CWE-121) in Tenda W30E firmware. Its CVSS base score is 8.0 (High).
Operationally, it ranks in the top 9.2% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Tenda W30E v1.0 firmware version V1.0.1.25(633) contains a stack-based buffer overflow vulnerability (CWE-121) in the fromDhcpListClient function. The flaw is triggered by an unsanitized page parameter and carries a CVSS 3.1 score of 8.0 reflecting adjacent-network access, low attack complexity, and low required privileges.
An attacker already on the same local network, holding a low-privilege login to the device, can supply a malicious (over-long) page value to the DHCP client listing endpoint; the resulting stack corruption may be leveraged for arbitrary code execution and full device compromise, with high impact to confidentiality, integrity, and availability.
Public references consist solely of proof-of-concept disclosures hosted in an IoT vulnerability repository; no vendor advisory, firmware update, or mitigation guidance is referenced. The associated EPSS score has remained flat at 0.0585 with no material increase since publication.
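The bug class described above, as an added illustrative example that is not Tenda's firmware code and not taken from the referenced proof-of-concept: a CGI handler that copies the page parameter into a fixed-size stack buffer, modelled so it runs without real memory corruption, beside a bounds-checked replacement. Only the function name fromDhcpListClient and the parameter name page come from the CVE description; the 16-byte buffer, the frame layout, the page limit and the assumption that page is a numeric index are assumptions made for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumptions (not from the firmware): a 16-byte stack buffer for the
 * "page" value, a 64-bit saved return address right above it, and a page
 * index that is a small non-negative integer. */
#define PAGE_BUF_LEN 16
#define SAVED_RET_LEN 8
#define MAX_PAGE 1000UL

/* Simulated stack frame of a handler like fromDhcpListClient: the local
 * buffer sits directly below the saved return address. */
struct frame {
    char page[PAGE_BUF_LEN];
    unsigned char saved_ret[SAVED_RET_LEN];
};

/* Vulnerable pattern (CWE-121), modelled so it runs safely.
 * The real bug is an unchecked copy such as strcpy(page, value): the copy
 * stops only at the source NUL, so a long value runs past "page" into the
 * saved return address. This model caps the copy at the end of the frame
 * purely to avoid real memory corruption in the demo; the cap does not
 * exist in vulnerable code. Returns 1 if the saved return address was
 * overwritten (control-flow corruption), 0 otherwise. */
int vuln_handler_clobbers_ret(const char *value)
{
    struct frame f;
    static const unsigned char marker[SAVED_RET_LEN] =
        {0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef};

    memset(&f, 0, sizeof f);
    memcpy(f.saved_ret, marker, SAVED_RET_LEN);

    size_t n = strlen(value) + 1;          /* strcpy also copies the NUL */
    if (n > sizeof f)                      /* demo-only cap, see above */
        n = sizeof f;
    memcpy((unsigned char *)&f, value, n); /* unchecked write into the frame */

    return memcmp(f.saved_ret, marker, SAVED_RET_LEN) != 0;
}

/* Hardened replacement: never copy the parameter into a fixed buffer.
 * Accept only a bounded run of ASCII digits, convert in place with strtoul
 * and range-check the result. Returns the page index (>= 0) or -1 on any
 * malformed, over-long or out-of-range input. */
long safe_parse_page(const char *value)
{
    size_t len = 0;
    unsigned long v;
    char *end;

    if (value == NULL)
        return -1;
    /* Bounded scan: stop at PAGE_BUF_LEN so a huge string is never
     * walked to its end. */
    while (len < PAGE_BUF_LEN && value[len] != '\0') {
        if (!isdigit((unsigned char)value[len]))
            return -1;                     /* reject non-digits, do not "sanitise" */
        len++;
    }
    if (len == 0 || len == PAGE_BUF_LEN)
        return -1;                         /* empty, or too long to be a page index */

    errno = 0;
    v = strtoul(value, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > MAX_PAGE)
        return -1;
    return (long)v;
}

int main(void)
{
    /* Constructed request values: a normal page index and an over-long one. */
    const char *normal = "2";
    const char *overlong = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("page=%s: saved return clobbered=%d, safe parse=%ld\n",
           normal, vuln_handler_clobbers_ret(normal), safe_parse_page(normal));
    printf("page=%.8s...: saved return clobbered=%d, safe parse=%ld\n",
           overlong, vuln_handler_clobbers_ret(overlong), safe_parse_page(overlong));
    return 0;
}
```

Two points the model makes that a real fix should keep: the 16-character value already corrupts the frame, because the copy's terminating NUL lands one byte past the buffer, so "one less than the buffer size" is the real limit; and the hardened parser rejects rather than truncates, since a silently truncated page index changes which data the endpoint returns while any parser that still copies into a stack buffer keeps the bug class.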
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-30111
Vulnerability details
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function.
- CWE(s): CWE-121 (Stack-based Buffer Overflow)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Tenda W30E v1.0, firmware V1.0.1.25(633)
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE. Until a vendor fix is referenced, the scored vector itself points at the practical compensating controls: the attack requires adjacent-network access and a low-privilege login to the device, so keeping the management web interface off untrusted or guest segments and limiting who holds device credentials raises the bar for exploitation.