How severe is CVE-2024-45413?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-45413?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2024-45413 - HIGH Severity | CVSS 8.1

Vulnerability Description

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability.

Related Vulnerabilities

CVE-2019-19333

HIGH

CVSS:8.1(High)

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrus...

CWE-1212019

CVE-2019-19334

HIGH

CVSS:8.1(High)

In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse...

CWE-1212019

CVE-2020-15636

HIGH

CVSS:8.1(High)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0...

CWE-1212020

CVE-2020-25854

HIGH

CVSS:8.1(High)

The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt...

CWE-1212020

CVE-2020-25855

HIGH

CVSS:8.1(High)

The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, result...

CWE-1212020

CVE-2020-25856

HIGH

CVSS:8.1(High)

CWE-1212020