Local Information Disclosure in Tenda Technology CP3V2.0 Router
CVE-2024-24488

5.5MEDIUM

Key Information:

Vendor: Tenda
Status: Cp3 Firmware
Vendor: CVE Published:; 7 February 2024

What is CVE-2024-24488?

A security vulnerability in the Shenzen Tenda Technology CP3V2.0 router enables a local attacker to access sensitive information through exploitation of the router's password component. This flaw could potentially expose user credentials and other confidential data, posing a significant risk to the security and privacy of affected users. It is crucial for users of this product version to apply security updates promptly to mitigate any potential exploits.

References

https://github.com/minj-ae/CVE-2024-24488

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2024
Vulnerability Reserved
Jan 25, 2024