Stack-Based Buffer Overflow in Tenda AC7 Wireless Router
CVE-2024-2896

8.8HIGH

Key Information:

Vendor: Tenda
Status: Ac7
Vendor: CVE Published:; 26 March 2024

Badges

👾 Exploit Exists

What is CVE-2024-2896?

A critical vulnerability has been identified in the Tenda AC7 wireless router, specifically affecting version 15.03.06.44. This vulnerability resides in the function formWifiWpsStart located in the /goform/WifiWpsStart file. An inadequately managed argument index can result in a stack-based buffer overflow, allowing remote attackers to execute arbitrary code on affected devices. The exploit is publicly known, raising significant security concerns for users. Despite early disclosure of this vulnerability, Tenda has not issued a response, leaving devices susceptible to potential attacks. Protection against this vulnerability is crucial for maintaining network integrity and securing sensitive data.