CVE-2024-2900 | Tenda AC7 15.03.06.44 saveParentControlInfo deviceId/time/urls stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow.

This vulnerability is uniquely identified as CVE-2024-2900. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-2900 | Tenda AC7 15.03.06.44 saveParentControlInfo deviceId/time/urls stack-based overflow

Related Posts

CVE-2023-38709 | Apache HTTP Server up to 2.4.58 response splitting

CVE-2024-29973 | Zyxel NAS326/NAS542 prior 5.21 HTTP POST Request setCookie os command injection

CVE-2024-4962 | D-Link DAR-7000-40 V31R02B1413C /useratte/resmanage.php file unrestricted upload (SAP10354)

CVE-2024-37629 | SummerNote 0.8.18 Code View cross site scripting (Issue 4642)