Unrated severityNVD Advisory· Published Mar 27, 2024· Updated Apr 10, 2025
Tenda F1203 setcfm formSetCfm stack-based overflow
CVE-2024-2978
Description
A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formSetCfm.mdmitreexploit
- vuldb.commitrethird-party-advisory
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
News mentions
0No linked articles in our index yet.