CVE-2024-4236 – A vulnerability, which was classified as critical, has been found in Tenda AX1803 …

26 April 2024

Vuln ID: CVE-2024-4236

Published: 2024-04-26 18:15:46.803

Description: A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Base Score: 8.8 – HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Source: NVD.NIST.GOV

Date:

26 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Security researchers say this scary exploit could render all VPNs useless7 May 2024
AI chip shortages continue, but there may be an end in sight7 May 2024
Australia bans alleged Russian leader of global ransomware group LockBit7 May 2024
Grant Shapps says it will ‘take some time’ to conclude who was to blame for cyber-attack on armed forces payroll – as it happened7 May 2024
Dmitry Khoroshev named as alleged leader of ransomware gang LockBit7 May 2024