CVE-2024-0540

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 15, 2024

Updated: May 17, 2024

CWE ID 787

CWE ID 121

Summary

CVE-2024-0540 is a critical vulnerability affecting Tenda W9 1.0.0.7(4456) devices. The issue lies in the function formOfflineSet of the component httpd. An attacker can exploit this stack-based buffer overflow vulnerability by manipulating the argument ssidIndex. This attack can be launched remotely, making it a significant security concern. The exploit for this vulnerability has been disclosed to the public, increasing the risk for potential attacks. Vendor VDB-250710 identifies this issue, and although contacted early, the vendor did not respond to disclose a patch or mitigation strategy.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uJMbSY
https://www.cve.org/CVERecord?id=CVE-2024-0540
https://nvd.nist.gov/vuln/detail/CVE-2024-0540

Back to Vulnerability Database

CVE-2024-0540

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations