Skip to main content

CVE-2024-24543: n/a in n/a

Critical
VulnerabilityCVE-2024-24543cvecve-2024-24543
Published: Mon Feb 05 2024 (02/05/2024, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.

AI-Powered Analysis

AILast updated: 07/06/2025, 08:25:25 UTC

Technical Analysis

CVE-2024-24543 is a critical buffer overflow vulnerability identified in the setSchedWifi function of the Tenda AC9 router, specifically in firmware version v.15.03.06.42_multi. This vulnerability arises due to improper handling of input data in the setSchedWifi function, allowing a remote attacker to send specially crafted data that overflows the buffer. The overflow can lead to arbitrary code execution or cause a denial of service (DoS) by crashing the device. The vulnerability is remotely exploitable without requiring authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The severity is rated critical with a CVSS score of 9.8, reflecting the high impact on confidentiality, integrity, and availability. The CWE-787 classification confirms this is a classic buffer overflow issue. While no known exploits are currently reported in the wild, the ease of exploitation and the critical impact make it a significant threat. The lack of vendor or product-specific details beyond the Tenda AC9 router and the absence of patch information suggest that affected users should be vigilant and seek firmware updates or mitigations from Tenda promptly.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for those relying on Tenda AC9 routers in their network infrastructure. Successful exploitation could allow attackers to gain unauthorized control over the router, leading to interception or manipulation of network traffic, disruption of internet connectivity, and potential pivoting into internal networks. This could compromise sensitive data confidentiality, disrupt business operations, and degrade service availability. Small and medium enterprises (SMEs) and home office environments using these routers are particularly vulnerable due to typically weaker network defenses. Additionally, critical infrastructure sectors that depend on stable and secure network connectivity could face operational risks if exploited. The remote and unauthenticated nature of the exploit increases the threat surface, enabling attackers to launch attacks from anywhere without prior access.

Mitigation Recommendations

1. Immediate mitigation should focus on isolating affected Tenda AC9 routers from untrusted networks until a firmware update is available. 2. Network administrators should monitor network traffic for unusual patterns indicative of exploitation attempts targeting the setSchedWifi function. 3. Employ network segmentation to limit the exposure of vulnerable routers to critical internal systems. 4. Use firewall rules to restrict access to router management interfaces from untrusted sources. 5. Regularly check Tenda's official channels for firmware updates addressing this vulnerability and apply them promptly once released. 6. If firmware updates are delayed, consider replacing affected devices with routers from vendors with timely security support. 7. Implement intrusion detection/prevention systems (IDS/IPS) with signatures for buffer overflow attempts targeting Tenda routers. 8. Educate users and administrators about the risks of using outdated router firmware and the importance of timely patching.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2024-01-25T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fa1484d88663aec37a

Added to database: 5/20/2025, 6:59:06 PM

Last enriched: 7/6/2025, 8:25:25 AM

Last updated: 8/2/2025, 6:49:03 PM

Views: 7

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats