CVE-2024-2490

CVSS 3.1 Score 8 of 10 (high)

Details

Published Mar 15, 2024
Updated: Jan 14, 2025
CWE ID 640

Summary

CVE-2024-2490 is a critical vulnerability affecting the Tenda AC18 model with firmware version 15.03.05.05. The function setSchedWifi in the file /goform/openSchedWifi contains a stack-based buffer overflow. Manipulating the arguments schedStartTime and schedEndTime triggers the overflow. The attack can be launched remotely, and the exploit has been publicly disclosed. The identifier VDB-256897 has been assigned to this vulnerability. The vendor was contacted about this disclosure but did not respond.
