Stack-Based Buffer Overflow in Linksys WRT54G
CVE-2024-8408

9.8CRITICAL

Key Information:

Vendor: Linksys
Status: Wrt54g Firmware
Vendor: CVE Published:; 4 September 2024

What is CVE-2024-8408?

A significant vulnerability exists in Linksys WRT54G version 4.21.5, specifically within the validate_services_port function of the apply.cgi component. This flaw allows for stack-based buffer overflow triggered by manipulation of the services_array argument. The vulnerability can be exploited remotely, potentially exposing systems to malicious attacks. Despite early disclosures to the vendor regarding this issue, there has been no response. As public knowledge increases, the risk of exploitation remains a pressing concern for affected users.

References

https://vuldb.com/?id.276488

https://vuldb.com/?ctiid.276488

https://vuldb.com/?submit.398567

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2024