CVE-2024-46048

Summary

CVE-2024-46048 describes a command injection vulnerability found in Tenda FH451 version 1.0.0.9, specifically within the formexeCommand function. This vulnerability allows attackers on an adjacent network to execute arbitrary commands without requiring user interaction or special privileges, posing a significant risk to both confidentiality and integrity of the affected system. The exploitability score is rated at 2.8, with a base severity of high (8.8) and potential impacts on availability also classified as high. To remediate this issue, organizations should update the firmware of their Tenda FH451 devices to the latest version provided by the manufacturer. Failure to address this vulnerability could lead to unauthorized access and control over critical system functionalities, endangering organizational security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.