CVE-2024-40412

Published Jul 10, 2024

Last updated a year ago

CVSS medium 6.8

Overview

Description
Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function.
Source
cve@mitre.org
NVD status
Analyzed
Products
ax12_firmware

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.8
Impact score
4.7
Exploitability score
2.1
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-121

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.CVE-2025-29215
  2. Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.CVE-2025-29214
  3. AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg.CVE-2024-39963
  4. An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.CVE-2024-40503
  5. Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.CVE-2024-28383

References

Sources include official advisories and independent security research.