Cyber Resilience

CVE-2024-32293

High · Public PoC

Published: 17 April 2024

Modified: 17 March 2025

KEV Added:

Patch:

CVSS Score v3.1: 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

EPSS Score: 0.0585 (90.8th percentile)

Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-32293 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tenda W30E Firmware. Its CVSS base score is 8.0 (High).

Operationally, it ranks in the top 9.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Tenda W30E v1.0 firmware version V1.0.1.25(633) contains a stack-based buffer overflow vulnerability (CWE-121) in the fromDhcpListClient function. The flaw is triggered by an unsanitized page parameter and carries a CVSS 3.1 score of 8.0, reflecting adjacent-network access, low attack complexity, and low required privileges.

An attacker already present on the local network can supply a malicious page value to the affected DHCP client listing endpoint, resulting in memory corruption that may be leveraged for arbitrary code execution or full device compromise with impacts to confidentiality, integrity, and availability.

Public references consist solely of proof-of-concept disclosures hosted in an IoT vulnerability repository; no vendor advisory, firmware update, or mitigation guidance is referenced. The associated EPSS score has remained flat at 0.0585 with no material increase since publication.

Vulnerability details

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

tenda · w30e firmware · 1.0.1.25(633)

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
