CVE-2024-9284

Summary

CVE-2024-9284 is a critical vulnerability affecting the TP-LINK TL-WR841ND router up to firmware version 20240920, which involves a stack-based buffer overflow triggered by manipulating the ssid argument in the file /userRpm/popupSiteSurveyRpm.htm. This vulnerability can be exploited remotely, posing significant risks to organizations as it allows unauthorized access and potential denial of service due to high availability impact. The vendor has not responded to disclosure attempts, increasing the urgency for remediation. Users are advised to update their devices or implement network-level security measures to mitigate this risk. The vulnerability has been assigned a CVSS score of 6.5, indicating medium severity with low complexity for exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.