Stack-Based Buffer Overflow in Tenda i21 Router
CVE-2024-4248

8.8HIGH

Key Information:

Vendor
Tenda
Status
I21
Vendor
CVE Published:
27 April 2024

Summary

A significant security vulnerability has been identified in the Tenda i21 router, specifically affecting version 1.0.0.14(4656). This vulnerability lies within the function formQosManage_user, where improper handling of the ssidIndex argument can lead to a stack-based buffer overflow. This may allow an attacker to execute arbitrary code or crash the device, and the exploitation can be performed remotely, posing a severe risk to users' networks. Despite attempts to notify the vendor, Tenda has not responded regarding any mitigation steps. It is crucial for users to be aware of this issue and to apply necessary security measures to protect their devices.

Affected Version(s)

i21 1.0.0.14(4656)

References

https://vuldb.com/?id.262139
vdb-entrytechnical-description
https://vuldb.com/?ctiid.262139
signaturepermissions-required
https://vuldb.com/?submit.319833
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yhryhryhr_miemie (VulDB User)
.