CVE-2024-2903
Published 2024-03-26
CVE-2024-2903: A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file…
Priority: P267 high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.85% (76.4th percentile)
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257946 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge | — | — |
| tenda | ac7 | — | — |
| tenda | ac7_firmware | — | — |
CVSS provenance
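| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_msrc | | 8.8 | HIGH | |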
GHSA
GHSA-2wh2-rrfv-xm6m: A vulnerability was found in Tenda AC7 15
ghsa_unreviewed·2024-03-26
CVE-2024-2903 [HIGH] CWE-121 GHSA-2wh2-rrfv-xm6m: A vulnerability was found in Tenda AC7 15
Microsoft
Chromium: CVE-2024-12692 Type Confusion in V8
vendor_msrc·2024-12-10·CVSS 8.8
CVE-2024-12692 [HIGH] Chromium: CVE-2024-12692 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 131.0.2903.112 | 12/19/2024 | 131.0.6778.205 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In you
Microsoft
Chromium: CVE-2024-12053 Type Confusion in V8
vendor_msrc·2024-12-10·CVSS 8.8
CVE-2024-12053 [HIGH] Chromium: CVE-2024-12053 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 131.0.2903.86 | 12/05/2024 | 131.0.6778.108/.109 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In
Microsoft
Chromium: CVE-2024-12693 Out of bounds memory access in V8
vendor_msrc·2024-12-10·CVSS 8.8
CVE-2024-12693 [HIGH] Chromium: CVE-2024-12693 Out of bounds memory access in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 131.0.2903.112 | 12/19/2024 | 131.0.6778.205 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the bro
Microsoft
Microsoft Edge (Chromium-based) Spoofing Vulnerability
vendor_msrc·2024-12-10·CVSS 4.3
CVE-2024-49041 [MEDIUM] CWE-449 Microsoft Edge (Chromium-based) Spoofing Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?
The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 131.0.2903.86 | 12/05/2024 | 131.0.6778.108/.109 |
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Micro
Microsoft
Chromium: CVE-2024-12695 Out of bounds write in V8
vendor_msrc·2024-12-10·CVSS 8.8
CVE-2024-12695 [HIGH] Chromium: CVE-2024-12695 Out of bounds write in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 131.0.2903.112 | 12/19/2024 | 131.0.6778.205 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
I
Microsoft
Chromium: CVE-2024-12694 Use after free in Compositing
vendor_msrc·2024-12-10·CVSS 8.8
CVE-2024-12694 [HIGH] Chromium: CVE-2024-12694 Use after free in Compositing
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 131.0.2903.112 | 12/19/2024 | 131.0.6778.205 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser
Microsoft
Microsoft Edge (Chromium-based) Spoofing Vulnerability
vendor_msrc·2024-11-12·CVSS 4.3
CVE-2024-49054 [MEDIUM] CWE-357 Microsoft Edge (Chromium-based) Spoofing Vulnerability
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 131.0.2903.63 | 11/21/2024 | 131.0.6778.85/.86 |
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability?
An attacker could create a long URL for a download domain so that when Edge displays the entire URL the main part of the domain gets cut off.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/GetParentControlInfo.md
https://vuldb.com/?ctiid.257946
https://vuldb.com/?id.257946
https://vuldb.com/?submit.300452
Published: 2024-03-26