CVE-2024-3907 | Tenda AC500 2.0.1.9(1307) /goform/setcfm formSetCfm funcpara1 stack-based overflow

Inserito da Angelo Barbosa | Apr 17, 2024 | CVE

A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been rated as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow.

The identification of this vulnerability is CVE-2024-3907. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-3907 | Tenda AC500 2.0.1.9(1307) /goform/setcfm formSetCfm funcpara1 stack-based overflow

Post correlati

CVE-2024-37146 | FlowiseAI Flowise up to 1.4.3 404 Page /api/v1/credentials/id cross site scripting (GHSL-2023-232)

CVE-2024-45893 | DrayTek Vigor 3900 1.5.1.3 cgi-bin/mainfunction.cgi setSWMOption action command injection

CVE-2024-8022 | Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05 Phone Number cross site scripting

CVE-2024-52354 | Cool Plugins Web Stories Widgets for Elementor Plugin up to 1.1 on WordPress cross site scripting