CVE-2024-7542
CVSS 3.1 Score 3.3 of 10 (low)
Details
Published Aug 6, 2024
Updated: Aug 29, 2024
CWE ID 908
CWE ID 457
Summary
CVE-2024-7542 is an information disclosure vulnerability affecting oFono, a modem software component. An attacker can exploit this issue by gaining the ability to execute code on the target modem and then manipulating AT+CMGR commands. The root cause is the lack of proper memory initialization before access, enabling an attacker to disclose sensitive information. While this vulnerability doesn't directly allow code execution, it can be combined with other weaknesses to achieve that goal. (ZDI-CAN-23309)
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share