9.8
CVE-2024-45415
- EPSS 0.68%
- Published 16.09.2024 21:15:45
- Last modified 20.09.2024 12:31:20
- Source cve@mitre.org
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the check_data_integrity function. This function is responsible for validating the checksum of data in POST requests. The checksum is sent encrypted in the request; the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability.
Data provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
Vendor | Product | Default Status | Version | Status |
---|---|---|---|---|
zte | zxhn_z500_firmware | unknown | V1.0.1.1B2.1000 | affected |
zte | zxhn_e500_firmware | unknown | V1.0.1.1B2.1000 | affected |
zte | zxhn_h108n_firmware | unknown | V2.6.20.ROST12 | affected |
zte | zxhn_e2615_firmware | unknown | V1.0.1 | affected |
zte | zxhn_e2603_firmware | unknown | V1.0.1 | affected |
zte | zxhn_e2618_firmware | unknown | V1.0.0.2B4.3000 | affected |
zte | zxhn_e1600_firmware | unknown | V1.0.0.2B1.1000 | affected |
zte | zxhn_h338a_firmware | unknown | V1.5.0_H3A.1T9P1-o | affected |
zte | zxhn_h168n_firmware | unknown | V3.5.5_CO.1T1 | affected |
zte | zxhn_h168a_firmware | unknown | TTN.1T1_211029 | affected |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.68% | 0.705 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).