Stack-Based Buffer Overflow in Tenda i21 Router Firmware
CVE-2024-4247

8.8HIGH

Key Information:

Vendor
Tenda
Status
I21
Vendor
CVE Published:
27 April 2024

Summary

A significant vulnerability has been discovered in the Tenda i21 router, specifically within its function call 'formQosManage_auto'. This flaw allows for a stack-based buffer overflow that can be exploited remotely. By manipulating the argument 'ssidIndex', an attacker could potentially execute arbitrary code, leading to unauthorized access or control over the device. This vulnerability emphasizes the importance of vendor responsiveness, as Tenda has yet to provide a patch or comment upon disclosure.

Affected Version(s)

i21 1.0.0.14(4656)

References

https://vuldb.com/?id.262138
vdb-entrytechnical-description
https://vuldb.com/?ctiid.262138
signaturepermissions-required
https://vuldb.com/?submit.319832
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yhryhryhr_miemie (VulDB User)
.