9.8
CVE-2024-45414
- EPSS 0.83%
- Veröffentlicht 16.09.2024 21:15:45
- Zuletzt bearbeitet 20.09.2024 12:31:20
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerzte
≫
Produkt
zxhn_z500_firmware
Default Statusunknown
Version
V1.0.1.1B2.1000
Status
affected
Herstellerzte
≫
Produkt
zxhn_e500_firmware
Default Statusunknown
Version
V1.0.1.1B2.1000
Status
affected
Herstellerzte
≫
Produkt
zxhn_h108n_firmware
Default Statusunknown
Version
V2.6.20.ROST12
Status
affected
Herstellerzte
≫
Produkt
zxhn_e2615_firmware
Default Statusunknown
Version
V1.0.1
Status
affected
Herstellerzte
≫
Produkt
zxhn_e2603_firmware
Default Statusunknown
Version
V1.0.1
Status
affected
Herstellerzte
≫
Produkt
zxhn_e2618_firmware
Default Statusunknown
Version
V1.0.0.2B4.3000
Status
affected
Herstellerzte
≫
Produkt
zxhn_e1600_firmware
Default Statusunknown
Version
V1.0.0.2B1.1000
Status
affected
Herstellerzte
≫
Produkt
zxhn_h338a_firmware
Default Statusunknown
Version
V1.5.0_H3A.1T9P1-o
Status
affected
Herstellerzte
≫
Produkt
zxhn_h168n_firmware
Default Statusunknown
Version
V3.5.5_CO.1T1
Status
affected
Herstellerzte
≫
Produkt
zxhn_h168a_firmware
Default Statusunknown
Version
TTN.1T1_211029
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.83% | 0.735 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).