First published: Thu Mar 21 2024(Updated: )
A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Tenda AC10U Firmware | =15.03.06.48 | |
Tenda AC10U firmware | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-2764 is classified as a critical vulnerability.
CVE-2024-2764 affects Tenda AC10U firmware version 15.03.06.48.
CVE-2024-2764 exploits a stack-based buffer overflow through manipulation of the endIP argument in the formSetPPTPServer function.
To remediate CVE-2024-2764, update the Tenda AC10U firmware to a version that is not affected.
CVE-2024-2764 could allow attackers to execute arbitrary code on vulnerable systems.