CVE-2024-8226

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 28, 2024
Updated: Aug 29, 2024
CWE ID 121
CWE ID 787

Summary

CVE-2024-8226 is a stack-based buffer overflow in Tenda O1 version 1.0.0.7(10648), affecting the formSetCfm function in the file /goform/setcfm. Manipulating the funcpara1 argument triggers the overflow, which can be exploited remotely with low complexity and no user interaction. The potential impact on confidentiality, integrity, and availability is high in each case, giving a CVSS base score of 8.8. Remediation should include patching immediately or disabling affected systems until Tenda provides a fix; the vendor has not yet publicly responded to disclosure of this issue. Leaving the vulnerability unaddressed could lead to severe operational disruption and data breaches in affected environments.
