CVE-2024-8408

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 47.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linksys Wrt54gLinksys Wrt54g Firmware
Timeline
PublishedSep 4

Description

A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5linksys/wrt54g4.21.5

🔴Vulnerability Details

2
GHSA
GHSA-wv2q-3c9c-q6v7: A vulnerability was found in Linksys WRT54G 42024-09-04
CVEList
Linksys WRT54G POST Parameter apply.cgi validate_services_port stack-based overflow2024-09-04
CVE-2024-8408 (MEDIUM CVSS 5.3) | A vulnerability was found in Linksy | cvebase.io