CVE-2024-2893
published 2024-03-26
Priority P268 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.68% (74.1th percentile)
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenda | ac7 | — | — |
| tenda | ac7_firmware | — | — |
CVSS provenance
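| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |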
Suricata
ET WEB_SPECIFIC_APPS Oracle WebLogic Deserialization (CVE-2018-2893)
suricata · 2018-08-01 · CVSS 9.8
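CVE-2018-2893 [CRITICAL] ET WEB_SPECIFIC_APPS Oracle WebLogic Deserialization (CVE-2018-2893)
This rule is tagged for CVE-2018-2893 (Oracle WebLogic), a different vulnerability from CVE-2024-2893; it matches T3 protocol content, not requests to /goform/SetOnlineDevName.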
Rule:

```
alert tcp any any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Oracle WebLogic Deserialization (CVE-2018-2893)"; flow:established,to_server; content:"t3|20|12"; depth:5; fast_pattern; content:"AS|3a|255"; distance:0; content:"HL|3a|19"; distance:0; content:"MS|3a|10000000"; distance:0; content:"PU|3a|t3|3a|//"; distance:0; reference:cve,2018-2893; reference:url,github.com/pyn3rd/CVE-2018-2893; classtype:attempted-admin; sid:2025929; rev:3; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2018_08_01, cve CVE_2018_2893, deployment Datacenter, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_05_21;)
```
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formSetDeviceName_devName.md
https://vuldb.com/?ctiid.257936
https://vuldb.com/?id.257936
https://vuldb.com/?submit.300356
Published: 2024-03-26