CVE-2024-41630

moderate-risk

Published 2024-07-31

Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set.

Do I need to act?

2.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.6/10 High

NETWORK / LOW complexity

Affected Products (1)

Ac18 Firmware

Affected Vendors

Tenda

References (3)

Exploit https://palm-vertebra-fe9.notion.site/form_fast_setting_wifi_set-fd47294cf4bb460...

Broken Link https://www.tendacn.com/hk/download/detail-3852.html

Broken Link https://www.tendacn.com/hk/download/detail-3863.html

/ 100

moderate-risk

Severity 27/34 · High

Exploitability 6/34 · Minimal

Exposure 5/34 · Minimal