CVE-2024-8225

Summary

CVE-2024-8225 is a critical vulnerability affecting the Tenda G3 router running firmware version 15.11.0.20, specifically in the formSetSysTime function within the /goform/SetSysTimeCfg file, which is susceptible to a stack-based buffer overflow due to improper argument manipulation. This flaw allows remote attackers to exploit the device with minimal privileges, posing significant risks to confidentiality, integrity, and availability of the affected systems. The vulnerability has been publicly disclosed and remains unaddressed, as the vendor has not responded to notifications regarding its existence. Organizations using this product are advised to implement security measures such as firewalls or network segmentation to mitigate potential attacks until a patch is released. Given its high CVSS score of 8.8, immediate attention is warranted to prevent unauthorized access or control over affected devices.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.