CVE-2024-2489
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-2489 is a newly disclosed critical vulnerability affecting the Tenda AC18 router running firmware version 15.03.05.05. The flaw is a stack-based buffer overflow in the function formSetQosBand of the SetNetControlList file. An attacker can trigger it remotely by manipulating the argument list, potentially leading to arbitrary code execution. The vulnerability is tracked as VDB-256896, and an exploit for it has been made public, posing a significant risk to affected devices. The vendor did not respond following early disclosure of this issue.