CVE-2024-7540

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Aug 6, 2024

Updated: Aug 29, 2024

CWE ID 908

CWE ID 457

Summary

CVE-2024-7540 is an information disclosure vulnerability affecting oFono, a modem software used in various mobile devices. This issue arises due to an uninitialized variable in the handling of AT+CMGL commands, leading to the exposure of sensitive information on affected installations. An attacker must initially gain the ability to execute code on the target modem to exploit this vulnerability. The vulnerability, identified as ZDI-CAN-23307, can potentially be combined with other weaknesses to execute arbitrary code with root privileges.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xgmAs4
https://www.cve.org/CVERecord?id=CVE-2024-7540
https://nvd.nist.gov/vuln/detail/CVE-2024-7540

Back to Vulnerability Database

CVE-2024-7540

CVSS 3.1 Score 3.3 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations