CVE-2024-2892

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 26, 2024

Updated: May 17, 2024

CWE ID 190

Summary

CVE-2024-2892 is a newly disclosed critical vulnerability affecting Tenda AC7 devices running version 15.03.06.44. The issue lies within the function formSetCfm in the file /goform/setcfm, which can be exploited through manipulation of the argument funcpara1, leading to a stack-based buffer overflow. The vulnerability is remotely exploitable, and the exploit code has been made public. No response has been received from the vendor regarding this disclosure, increasing the urgency for users to apply patches or workarounds to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vJFQ69
https://www.cve.org/CVERecord?id=CVE-2024-2892
https://nvd.nist.gov/vuln/detail/CVE-2024-2892

Back to Vulnerability Database

CVE-2024-2892

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations