CVE-2024-0931

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 26, 2024

Updated: May 17, 2024

CWE ID 121

Summary

CVE-2024-0931 is a newly disclosed critical vulnerability that impacts the Tenda AC10U device running version 15.03.06.49_multi_TDE01. The issue lies within the saveParentControlInfo function, which is susceptible to a stack-based buffer overflow. An attacker can exploit this vulnerability by manipulating the deviceId, time, or urls arguments remotely. The exploit for this vulnerability, identified as VDB-252136, has been made public, increasing the risk for potential attacks. Unfortunately, the vendor was unresponsive to early disclosures regarding this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uSdShX
https://www.cve.org/CVERecord?id=CVE-2024-0931
https://nvd.nist.gov/vuln/detail/CVE-2024-0931

Back to Vulnerability Database

CVE-2024-0931

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations