CVE-2024-29671
Published: 16 December 2024
Summary
CVE-2024-29671 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Co (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 1.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-29671 is a buffer overflow vulnerability, tracked under CWE-120, that affects the POST request handler component in the NEXTU FLATA AX1500 Router running firmware version 1.0.2. The flaw carries a CVSS 3.1 base score of 9.8, reflecting network attack vector, low attack complexity, and no required privileges or user interaction.
A remote attacker can send a crafted POST request to the affected router and trigger the overflow to execute arbitrary code on the device. Successful exploitation grants the attacker full control over the router, including the ability to read, modify, or delete data and potentially pivot into attached networks.
Public references include a vendor download page for the affected model, a technical gist, and a GitHub repository containing proof-of-concept code. No official advisory text or patch details are provided in the available references.
The EPSS score currently stands at 0.5469 with a recorded peak of 0.5663, indicating sustained moderate exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-26670
Vulnerability details
Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.