CVE-2024-2990

CVSS 3.1 Score 4.2 of 10 (medium)

Details

Published Mar 27, 2024

Updated: May 17, 2024

CWE ID 770

Summary

CVE-2024-2990 is a critical vulnerability affecting the Tenda FH1203 2.0.1.6 firmware. The issue lies within the function formexeCommand of the /goform/execCommand file, where a stack-based buffer overflow occurs due to manipulation of the cmdinput argument. This vulnerability allows for remote exploitation and has been publicly disclosed. The associated identifier for this issue is VDB-258159. Unfortunately, the vendor did not respond to early disclosures about this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vUF3ZC
https://www.cve.org/CVERecord?id=CVE-2024-2990
https://nvd.nist.gov/vuln/detail/CVE-2024-2990

Back to Vulnerability Database

CVE-2024-2990

CVSS 3.1 Score 4.2 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations