First published: Wed Apr 17 2024(Updated: )
A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tenda AC500 Firmware | ||
All of | ||
Tenda AC500 | =2.0.1.9\(1307\) | |
Tenda AC500 Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-3909 is classified as a critical vulnerability.
To mitigate CVE-2024-3909, upgrade the Tenda AC500 firmware to a version beyond 2.0.1.9(1307).
CVE-2024-3909 is a stack-based buffer overflow vulnerability.
CVE-2024-3909 affects the Tenda AC500 running firmware version 2.0.1.9(1307).
Exploitation of CVE-2024-3909 could lead to unauthorized execution of commands on the affected device.