CVE-2024-2891
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-2891 is a critical vulnerability affecting the Tenda AC7 router running firmware version 15.03.06.44. The flaw is in the function formQuickIndex of the file /goform/QuickIndex, where manipulating the PPPOEPassword argument triggers a stack-based buffer overflow. The vulnerability can be exploited remotely, meaning an unauthorized user can exploit it. The vulnerability is tracked as VDB-257934, and an exploit for it has been made public, which increases the risk of attacks. Regrettably, the vendor was notified about this disclosure but failed to respond.