CVE-2024-44551

Summary

CVE-2024-44551 identifies a critical stack overflow vulnerability in Tenda AX1806 version 1.0.0.1, specifically in the iptv.city.vlan parameter of the formGetIptv function. This flaw has a CVSS base score of 9.8 and can be exploited over the network with no user interaction required, posing significant risks to both confidentiality and integrity due to high potential impacts on affected systems. Remediation is essential for organizations using this product, as the vulnerability allows attackers to execute arbitrary code remotely, potentially leading to unauthorized access and system compromise. The vulnerability remains unpatched as of now, emphasizing the urgent need for users to apply any available updates or mitigations promptly. Organizations should closely monitor updates from Tenda and assess their network exposure to protect against potential exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.