CVE-2024-2856

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 24, 2024
Updated: Mar 26, 2024
CWE ID 121

Summary

CVE-2024-2856 is a critical vulnerability found in Tenda AC10 16.03.10.13/16.03.10.20. The vulnerability exists in the function fromSetSysTime of the file /goform/SetSysTimeCfg, and it is caused by a stack-based buffer overflow that can be manipulated through the timeZone argument. This vulnerability can be exploited remotely, and the exploit has been publicly disclosed. The vendor has been notified but has not responded to the disclosure. The vulnerability has a risk score of 65 and a base severity of high, with potential impacts on confidentiality, integrity, and availability of affected systems.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-2856 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options