Cyber Resilience

CVE-2024-46431

HighPublic PoC

Published: 10 February 2025

Published
10 February 2025
Modified
25 March 2025
KEV Added
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 10.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-46431 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Tenda W18E Firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-46431 is a buffer overflow vulnerability (CWE-120) affecting the Tenda W18E router running firmware version V16.01.0.8(1625). The flaw resides in the delWewifiPic function within the web management portal, where specially crafted data can trigger the overflow.

An attacker with low privileges (PR:L) and adjacent network access (AV:A) can exploit this vulnerability with low complexity (AC:L) and no user interaction required (UI:N). Successful exploitation grants high-impact confidentiality, integrity, and availability consequences (C:H/I:H/A:H), potentially allowing arbitrary code execution on the device.

The primary advisory is detailed in a security research blog at https://reddassolutions.com/blog/tenda_w18e_security_research, which covers the vulnerability discovery but does not specify patch availability or mitigation steps in the provided information.

EU & UK References

Vulnerability details

Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Buffer overflow in web management portal of network device enables RCE from adjacent access with low privileges, directly mapping to public-facing application exploitation and privilege escalation via memory corruption.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-46434Same product: Tenda W18E
CVE-2024-46435Same product: Tenda W18E
CVE-2024-46432Same product: Tenda W18E
CVE-2024-46429Same product: Tenda W18E
CVE-2024-46436Same product: Tenda W18E
CVE-2024-46433Same product: Tenda W18E
CVE-2026-3273Same vendor: Tenda
CVE-2026-3398Same vendor: Tenda
CVE-2026-7078Same vendor: Tenda
CVE-2025-25674Same vendor: Tenda

Affected Assets

tenda
w18e firmware
16.01.0.8\(1625\)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 requires validation of all information inputs, directly preventing buffer overflows triggered by specially crafted data sent to the delWewifiPic function.

prevent

SI-16 implements memory protection mechanisms like stack guards and address space randomization, comprehensively mitigating exploitation of the buffer overflow for arbitrary code execution.

prevent

SI-2 mandates timely flaw remediation through patching firmware vulnerabilities like CVE-2024-46431 in the Tenda W18E router.

References