CVE-2024-3910 | Tenda AC500 2.0.1.9(1307) /goform/DhcpListClient fromDhcpListClient page stack-based overflow

Posted by Angelo Barbosa | Apr 17, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Affected by this issue is the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow.

This vulnerability is handled as CVE-2024-3910. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-3910 | Tenda AC500 2.0.1.9(1307) /goform/DhcpListClient fromDhcpListClient page stack-based overflow

Related Posts

CVE-2024-50149 | Linux Kernel up to 6.11.5 drm run_job information disclosure (be8fe75e57f8/82926f52d7a0)

CVE-2024-2175 | Lenovo Display Control Center prior 3.0.29082.0 default permission

CVE-2024-0296 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi NTPSyncWithHost host_time os command injection

CVE-2024-6540 | OTRS up to 8.0.x/2023.x/2024.4.x Ticket improper filtering of special elements