CVE-2024-4064 | Tenda AC8 16.03.34.09 /goform/execCommand R7WebsSecurityHandler password stack-based overflow

Posted by Angelo Barbosa | Apr 23, 2024 | CVE

A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow.

This vulnerability was named CVE-2024-4064. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4064 | Tenda AC8 16.03.34.09 /goform/execCommand R7WebsSecurityHandler password stack-based overflow

Related Posts

CVE-2023-47635 | Decidim up to 0.27.4 server-side request forgery

CVE-2024-30410 | Juniper Junos OS up to 20.4R3-S1/21.2R3-S6/21.4R3-S5 on EX4300 IPv6 Firewall Filter incorrect behavior order (JSA79100)

CVE-2024-41018 | Linux Kernel up to 6.6.42/6.9.11/6.10.1 ntfs3 out-of-bounds

CVE-2024-21865 | KDDI HGW BL1500HM up to 002.001.013 SSH Service weak password