Stack-Based Buffer Overflow in Tenda 4G300 Router
CVE-2024-4170
8.8HIGH
What is CVE-2024-4170?
A severe vulnerability has been discovered in the Tenda 4G300 router model version 1.01.42, specifically within the function sub_429A30. This vulnerability manifests as a stack-based buffer overflow due to improper handling of the argument 'list1'. Attackers can exploit this flaw remotely, allowing unauthorized access and potential control over the device, posing significant risks to user data and network security. Despite early disclosure attempts, the vendor has not responded to address this critical issue. Users are strongly advised to monitor their devices for any signs of exploitation and consider applying necessary mitigations.
Affected Version(s)
4G300 1.01.42