CVE-2024-8227

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 28, 2024
Updated: Aug 29, 2024
CWE ID 121
CWE ID 787

Summary

CVE-2024-8227 is a critical vulnerability affecting Tenda O1 version 1.0.0.7, specifically in the function fromDhcpSetSer located in the file /goform/DhcpSetSer. Improper handling of DHCP-related arguments leads to a stack-based buffer overflow that can be exploited remotely without user interaction. This flaw poses significant risks, including potential unauthorized access to sensitive data and compromise of system integrity, with a CVSS score of 9.0 indicating high severity. To remediate this issue, organizations using the affected product should apply any available patches from Tenda or consider disabling vulnerable features until a fix is implemented. The vendor was notified early about this vulnerability but did not respond.
