First published: Tue Apr 16 2024
A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tenda W20E Firmware | =15.11.0.6 | |
CVE-2024-3874 has been declared as critical due to its potential for exploitation through a stack-based buffer overflow.
To fix CVE-2024-3874, update the Tenda W20E device firmware to the latest version provided by Tenda.
CVE-2024-3874 affects Tenda W20E devices running firmware version 15.11.0.6.
Exploitation of CVE-2024-3874 could lead to remote code execution due to the stack-based buffer overflow.
Currently, the recommended approach is to update the affected device, as no specific workaround is available for CVE-2024-3874.