{"uuid": "1f7ede11-1c43-4007-853c-0f861c8c27a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2489", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11355", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-2489\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256896. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2024-03-15T09:00:10.441Z\n\ud83d\udccf Modified: 2025-04-10T20:28:47.497Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.256896\n2. https://vuldb.com/?ctiid.256896\n3. https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetQosBand.md", "creation_timestamp": "2025-04-10T20:49:59.000000Z"}