CVE-2024-44556

Summary

CVE-2024-44556 identifies a stack overflow vulnerability in Tenda AX1806 version 1.0.0.1, which can be exploited via the adv.iptv.stballvlans parameter in the setIptvInfo function. This vulnerability poses a medium severity risk, with a CVSS base score of 6.6, and can lead to high integrity impact while having low confidentiality and availability impacts. Exploitation requires low privileges and does not necessitate user interaction, meaning an attacker could potentially gain control of affected systems locally. To remediate this issue, organizations should update their Tenda AX1806 devices to the latest firmware version that addresses this vulnerability. Failure to address this flaw could expose organizations to potential data manipulation or unauthorized control of network resources.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.