Stack-Based Buffer Overflow Vulnerability in Tenda i21 Product
CVE-2024-4491
8.8 HIGH
Summary
A stack-based buffer overflow has been identified in the Tenda i21, version 1.0.0.14(4656). The flaw is in the 'formGetDiagnoseInfo' function and is triggered by manipulation of the 'cmdinput' argument. It can be exploited remotely, exposing the device to potential unauthorized access and control. The vulnerability was disclosed to Tenda early, but the vendor has not responded, which raises concerns about when a fix or mitigation will be available.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published