CVE-2024-0930
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-0930 is a newly disclosed critical vulnerability impacting Tenda AC10U devices running firmware version 15.03.06.49_multi_TDE01. The issue lies in the function fromSetWirelessRepeat, where manipulating the argument wpapsk_crypto leads to a stack-based buffer overflow. The vulnerability can be exploited remotely, potentially allowing malicious actors to gain unauthorized access to affected devices. An exploit for the vulnerability, which is tracked as VDB-252135, has been made public, increasing the risk of attacks. Despite early disclosure to the vendor, there has been no response and no indication of a patch.