CVE-2024-2708

CVSS 3.1 Score 0.0 of 10 (low)

Details

Published Mar 20, 2024

Updated: May 17, 2024

CWE ID 1333

CWE ID 400

Summary

CVE-2024-2708 is a newly disclosed critical vulnerability affecting the Tenda AC15.03.06.49 firmware. The issue lies in the function formexeCommand of the /goform/execCommand file, which is susceptible to a stack-based buffer overflow caused by manipulating the cmdinput argument. This vulnerability can be exploited remotely, and an exploit has been made public. The associated identifier for this vulnerability is VDB-257459. Despite early disclosure to the vendor, they have not responded or taken action to address the issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uk6Tzx
https://www.cve.org/CVERecord?id=CVE-2024-2708
https://nvd.nist.gov/vuln/detail/CVE-2024-2708

Back to Vulnerability Database

CVE-2024-2708

CVSS 3.1 Score 0.0 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations