CVE-2024-3906

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Apr 17, 2024

Updated: Jun 4, 2024

CWE ID 491

Summary

CVE-2024-3906 is a critical vulnerability affecting the Tenda AC500 2.0.1.9(1307) firmware. The issue lies within the function formQuickIndex in the /goform/QuickIndex file. An attacker can exploit this stack-based buffer overflow by manipulating the argument PPPOEPassword, which can be done remotely. The vulnerability has been disclosed to the public, increasing the risk of exploitation. Vendor response has not been recorded, leaving users potentially exposed. (VDB-261142)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Order Manager

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wlKQXx
https://www.cve.org/CVERecord?id=CVE-2024-3906
https://nvd.nist.gov/vuln/detail/CVE-2024-3906

Back to Vulnerability Database

CVE-2024-3906

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations