CVE-2024-8408

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 4, 2024
Updated: Sep 5, 2024
CWE ID 787
CWE ID 121

Summary

CVE-2024-8408 identifies a critical vulnerability in Linksys WRT54G version 4.21.5, specifically affecting the validate_services_port function within the POST Parameter Handler of the /apply.cgi file. This vulnerability allows for a stack-based buffer overflow due to improper manipulation of the services_array argument, which can be exploited remotely without requiring user interaction or elevated privileges. The potential impact includes high integrity and confidentiality risks, as well as potential denial of service due to availability issues. Organizations using this device should remediate the vulnerability by applying any available patches or updates from the vendor, although there has been no response from Linksys regarding this disclosure. Without remediation, attackers may exploit this vulnerability to gain unauthorized access or disrupt network services.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share