CVE-2024-2708 | Tenda AC10U 15.03.06.49 /goform/execCommand formexeCommand cmdinput stack-based overflow

Posted by Angelo Barbosa | Mar 20, 2024 | CVE

A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow.

The identification of this vulnerability is CVE-2024-2708. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-2708 | Tenda AC10U 15.03.06.49 /goform/execCommand formexeCommand cmdinput stack-based overflow

Related Posts

CVE-2024-1814 | Spectra Plugin up to 2.12.8 on WordPress Testimonial Block cross site scripting

CVE-2024-23152 | Autodesk AutoCAD 3DM File Parser out-of-bounds

CVE-2024-4479 | Jeg Elementor Kit Plugin up to 2.6.5 on WordPress Accordion Widgets cross site scripting

CVE-2023-5253 | Nozomi Networks Guardian/CMC prior 23.3.0 missing authentication