CVE-2024-2902 | Tenda AC7 15.03.06.44 /goform/WifiGuestSet fromSetWifiGusetBasic shareSpeed stack-based overflow

Posted by Angelo Barbosa | Mar 26, 2024 | CVE

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow.

The identification of this vulnerability is CVE-2024-2902. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-2902 | Tenda AC7 15.03.06.44 /goform/WifiGuestSet fromSetWifiGusetBasic shareSpeed stack-based overflow

Related Posts

CVE-2024-47588 | SAP NetWeaver Java SUM 1.1 Software Update Manager insufficiently protected credentials

CVE-2024-37742 | Safe Exam Browser up to 3.5 on Windows Clipboard Management information disclosure

CVE-2024-0990 | Tenda i6 1.0.0.9(3857) httpd /goform/setAutoPing formSetAutoPing ping1 stack-based overflow

CVE-2024-23792 | OTRS up to 7.0.48/8.0.37/2023.1.1 Add Attachment improper authentication