CVE-2024-2547

CVSS 2.0 Score 9.0 of 10 (high)

Details

Published: Mar 17, 2024
Updated: May 17, 2024
CWE ID: 121

Summary

CVE-2024-2547 is a critical vulnerability affecting the Tenda AC18 with firmware version 15.03.05.05. The flaw lies in the R7WebsSecurityHandler function, where manipulating the password argument causes a stack-based buffer overflow. The attack can be launched remotely. The associated vulnerability identifier is VDB-257000. The exploit has been disclosed to the public, making this a serious concern for users who have not yet patched their devices. The vendor was contacted early about this disclosure but has not responded or provided a remediation.
