CVE-2024-24488

MEDIUM

Tendacn Cp3 Firmware - Cleartext Storage

Title source: rule
STIX 2.1

Description

An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.

Exploits (2)

nomisec WRITEUP 4 stars
by legacyobj · poc
https://github.com/legacyobj/CVE-2024-24488
nomisec WRITEUP 4 stars
by minj-ae · poc
https://github.com/minj-ae/CVE-2024-24488

References (1)

Scores

CVSS v3 5.5
EPSS 0.0003
EPSS Percentile 7.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-312
Status published
Products (1)
tendacn/cp3_firmware 11.10.00.2311090948
Published Feb 07, 2024
Tracked Since Feb 18, 2026