First published: Fri Mar 22 2024(Updated: )
A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Any of | ||
Tenda A15 | =15.03.05.18 | |
Tenda A15 | =15.03.05.20_multi | |
Tenda AC15 | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-2808 is classified as a critical vulnerability due to its potential for exploitation via stack-based buffer overflow.
To mitigate CVE-2024-2808, update the Tenda AC15 firmware to the latest version provided by the manufacturer.
The impact of CVE-2024-2808 could lead to denial of service or potentially allow remote code execution due to the buffer overflow.
CVE-2024-2808 affects Tenda AC15 firmware versions 15.03.05.18 and 15.03.05.20_multi.
CVE-2024-2808 exploits stack-based buffer overflow by manipulating the PPPOEPassword argument in the formQuickIndex function.