CVE-2024-2994

CVSS 3.1 Score 8.4 of 10 (high)

Details

Published Mar 27, 2024

Updated: May 17, 2024

Summary

CVE-2024-2994 is a newly disclosed critical vulnerability affecting the Tenda FH1203 2.0.1.6 firmware. The vulnerability lies in the GetParentControlInfo function of the /goform/GetParentControlInfo file. An attacker can manipulate the mac argument, leading to a stack-based buffer overflow. This issue can be exploited remotely, and the associated identifier is VDB-25816. unfortunately, the vendor was contacted about this disclosure but did not respond, leaving users potentially vulnerable to exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mozilla Firefox

Affected Vendors

Mozilla

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/u_ZlRA
https://www.cve.org/CVERecord?id=CVE-2024-2994
https://nvd.nist.gov/vuln/detail/CVE-2024-2994

Back to Vulnerability Database