CVE-2024-6146

Name of the Vulnerable Software and Affected Versions Actiontec WCB6200Q (affected versions not specified)

Description The issue is related to a stack-based buffer overflow in the uh get postdata withupload() function of the HTTP server in Actiontec WCB6200Q Wi-Fi range extenders. This allows a remote attacker to execute arbitrary code on affected installations without requiring authentication. The flaw exists due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.