CVE-2024-3906 | Tenda AC500 2.0.1.9(1307) /goform/QuickIndex formQuickIndex PPPOEPassword stack-based overflow

Posted by Angelo Barbosa | Apr 17, 2024 | CVE

A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow.

This vulnerability was named CVE-2024-3906. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-3906 | Tenda AC500 2.0.1.9(1307) /goform/QuickIndex formQuickIndex PPPOEPassword stack-based overflow

Related Posts

CVE-2024-28799 | IBM QRadar Suite Software/Cloud Pak for Security Back-End Command unknown vulnerability (XFDB-287173)

CVE-2024-47031 | Google Android ABL Privilege Escalation

CVE-2024-21454 | Qualcomm Snapdragon Automotive Telematics denial of service

CVE-2023-22524 | Atlassian Companion App on macOS Websocket Remote Code Execution