CVE-2024-3006

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 27, 2024
Updated: May 17, 2024
CWE ID 125

Summary

CVE-2024-3006 is a critical vulnerability identified in Tenda FH1205 2.0.0.7(775) firmware. This issue affects the fromSetRouteStatic function within the /goform/fromRouteStatic file, causing a stack-based buffer overflow. An attacker can exploit this remotely by manipulating the argument entrys. The vulnerability identifier is VDB-258292, and the exploit has already been disclosed to the public. Unfortunately, the vendor was not responsive to early disclosure efforts.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share