Buffer Overflow Vulnerability in Tenda i22 Router
CVE-2024-4252

8.8HIGH

Key Information:

Vendor
Tenda
Status
I22
Vendor
CVE Published:
27 April 2024

Summary

A serious stack-based buffer overflow vulnerability has been identified in the Tenda i22 router's formSetUrlFilterRule function. This vulnerability allows remote attackers to manipulate the groupIndex argument, potentially leading to system instability or malicious code execution. Users of the affected version, 1.0.0.3(4687), are urged to implement appropriate security measures and monitor for any suspicious activities. Despite early contact with Tenda regarding this vulnerability, the vendor has not provided a response or patch, highlighting the need for immediate user action. For detailed indicators of compromise and further technical insights, refer to the comprehensive resources linked below.

Affected Version(s)

i22 1.0.0.3(4687)

References

https://vuldb.com/?id.262143
vdb-entrytechnical-description
https://vuldb.com/?ctiid.262143
signaturepermissions-required
https://vuldb.com/?submit.319840
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

yhryhryhr_tu (VulDB User)
.