CVE-2024-2984
CVSS 3.0 Score 9.8 of 10 (critical)
Details
Published Mar 27, 2024
Updated: Jan 14, 2025
CWE ID 287
Summary
CVE-2024-2984 is a newly disclosed critical vulnerability that affects the Tenda FH1202 1.2.0.14(408) firmware. The flaw lies in the function formSetCfm of the file /goform/setcfm, where the argument funcpara1 is susceptible to stack-based buffer overflow. This issue can be exploited remotely, allowing attackers to execute arbitrary code. The vulnerability has been made public, increasing the risk of exploitation. The identifier VDB-258153 has been assigned to this issue, and unfortunately, the vendor has not responded to earlier disclosures.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share