CVE-2024-8231

Summary

CVE-2024-8231 is a critical vulnerability affecting Tenda O6 firmware version 1.0.0.7(2054), specifically in the function fromVirtualSet located in the file /goform/setPortForward. This vulnerability allows remote exploitation through stack-based buffer overflow due to improper handling of input arguments such as ip, localPort, publicPort, and app. The risk associated with this flaw includes significant impacts on confidentiality, integrity, and availability of affected systems, scoring a high severity rating of 8.8 on the CVSS scale. Organizations are advised to remediate this issue by updating to a patched version of the firmware or implementing network-level protections to restrict access to vulnerable services. Despite early disclosure attempts to the vendor, no response was received regarding this critical security issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.