Stack-Based Buffer Overflow in Tenda i21 Router
CVE-2024-4245

8.8 HIGH

Key Information:

Vendor: Tenda
Status
Vendor
CVE Published: 27 April 2024

Summary

A critical vulnerability has been found in the Tenda i21 router: a stack-based buffer overflow in the formQosManageDouble_user function. The overflow arises from improper handling of the ssidIndex argument and can be exploited remotely. Successful exploitation potentially allows an attacker to execute arbitrary code, compromising device security. Attempts to inform Tenda Technology about the flaw received no response from the vendor, which raises concerns about timely patch management and user safety. Organizations using the affected version of the Tenda i21 should prioritize updates and consider additional security measures to mitigate risk.

Affected Version(s)

i21 1.0.0.14(4656)

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yhryhryhr_miemie (VulDB User)