Latest Vulnerabilities Updates: AppSecWorld's CVE Daily Digest for January 15-16, 2024

In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between January 15-16, 2024.
During this period, the National Vulnerability Database published 68 new Common Vulnerabilities and Exposures (CVEs), classified as follows:

Critical: 1
High: 18
Medium: 29
Low: 1
Severity Not Assigned: 19

Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.

1. CVE-2024-0531
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/yaoyue123/iot/blob/main/Tenda/A15/setBlackRule.md
https://vuldb.com/?ctiid.250701
https://vuldb.com/?id.250701

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-0532
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects unknown code of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250702 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/yaoyue123/iot/blob/main/Tenda/A15/WifExtraSet.md
https://vuldb.com/?ctiid.250702
https://vuldb.com/?id.250702

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

3. CVE-2023-48383
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
References: https://www.twcert.org.tw/tw/cp-132-7631-c6be3-1.html

CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found

4. CVE-2024-0533
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.devname.md
https://vuldb.com/?ctiid.250703
https://vuldb.com/?id.250703

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

5. CVE-2024-0534
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.mac.md
https://vuldb.com/?ctiid.250704
https://vuldb.com/?id.250704

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-0535
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250705 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/jylsec/vuldb/blob/main/Tenda/PA6/2/README.md
https://vuldb.com/?ctiid.250705
https://vuldb.com/?id.250705

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-0536
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.7(4456). Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250706 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/jylsec/vuldb/blob/main/Tenda/W9/1/README.md
https://vuldb.com/?ctiid.250706
https://vuldb.com/?id.250706

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-0537
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability, which was classified as critical, was found in Tenda W9 1.0.0.7(4456). This affects the function setWrlBasicInfo of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/jylsec/vuldb/blob/main/Tenda/W9/2/README.md
https://vuldb.com/?ctiid.250707
https://vuldb.com/?id.250707

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-0538
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classified as critical. This vulnerability affects the function formQosManage_auto of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/jylsec/vuldb/blob/main/Tenda/W9/3/README.md
https://vuldb.com/?ctiid.250708
https://vuldb.com/?id.250708

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

10. CVE-2024-0552
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Intumit inc. SmartRobot's web framework has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server.
References: https://www.twcert.org.tw/tw/cp-132-7662-41d50-1.html

CWE-ID: CWE-74
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-0539
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md
https://vuldb.com/?ctiid.250709
https://vuldb.com/?id.250709

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

12. CVE-2024-0541
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the argument sysRulenEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250711. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/jylsec/vuldb/blob/main/Tenda/W9/6/README.md
https://vuldb.com/?ctiid.250711
https://vuldb.com/?id.250711

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

13. CVE-2024-0542
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250712. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References: https://github.com/jylsec/vuldb/blob/main/Tenda/W9/7/README.md
https://vuldb.com/?ctiid.250712
https://vuldb.com/?id.250712

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found

14. CVE-2023-42136
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability.
References: https://blog.stmcyber.com/pax-pos-cves-2023/
https://cert.pl/en/posts/2024/01/CVE-2023-4818/
https://cert.pl/posts/2024/01/CVE-2023-4818/
https://ppn.paxengine.com/release/development

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

15. CVE-2023-42137
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability.
References: https://blog.stmcyber.com/pax-pos-cves-2023/
https://cert.pl/en/posts/2024/01/CVE-2023-4818/
https://cert.pl/posts/2024/01/CVE-2023-4818/
https://ppn.paxengine.com/release/development

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found

16. CVE-2023-50729
Base Score: 8.4
Base Severity: HIGH
Exploitability Score: 1.7
Impact Score: 6.0
Description: Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in the File feature that allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as root user. It is also more dangerous because it can write or overwrite files in arbitrary locations. Version 5.11 was published to fix this vulnerability.
References: https://github.com/traccar/traccar/security/advisories/GHSA-pqf7-8g85-vx2q

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-0562
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.
References: https://access.redhat.com/security/cve/CVE-2024-0562
https://bugzilla.redhat.com/show_bug.cgi?id=2258475
https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/

CWE-ID: CWE-416
Common Platform Enumerations (CPE): Not Found

18. CVE-2024-0565
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
References: https://access.redhat.com/security/cve/CVE-2024-0565
https://bugzilla.redhat.com/show_bug.cgi?id=2258518
https://www.spinics.net/lists/stable-commits/msg328851.html

CWE-ID: CWE-191
Common Platform Enumerations (CPE): Not Found

19. CVE-2023-7206
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.
References: https://hornerautomation.com/cscape-software/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04

CWE-ID: CWE-121
Common Platform Enumerations (CPE): Not Found
