CVE-2024-2487 | Tenda AC18 15.03.05.05 /goform/SetOnlineDevName formSetDeviceName devName/mac stack-based overflow

Inserito da Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName/mac leads to stack-based buffer overflow.

This vulnerability was named CVE-2024-2487. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-2487 | Tenda AC18 15.03.05.05 /goform/SetOnlineDevName formSetDeviceName devName/mac stack-based overflow

Post correlati

CVE-2024-47780 | TYPO3 up to 10.4.45/11.5.39/12.4.20/13.3.0 authorization (GHSA-rf5m-h8q9-9w6q)

CVE-2024-2687 | Campcodes Online Job Finder System 1.0 index.php id sql injection

CVE-2024-23667 | Fortinet FortiWebManager up to 6.0.2/6.2.4/6.3.0/7.0.4/7.2.0 HTTP Request Handler/CLI improper authorization (FG-IR-23-222)

CVE-2023-3352 | Smush Plugin up to 3.16.4 on WordPress Resmush List authorization