Buffer Overflow Vulnerability in Tenda i22 Networking Device
CVE-2024-7585

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: I22 Firmware
Vendor: CVE Published:; 7 August 2024

Summary

A serious buffer overflow vulnerability has been discovered in the Tenda i22 networking device, specifically in the formApPortalWebAuth function located at /goform/apPortalAuth. This vulnerability allows attackers to exploit the arguments webUserName and webUserPassword to manipulate memory allocation, leading to potential arbitrary code execution. The attack can be executed remotely, exposing users to significant risk. Despite early notification to Tenda regarding this security flaw, there has been no response from the vendor. It is crucial for users of the affected product to apply necessary mitigation measures to safeguard their devices.

References

https://vuldb.com/?id.273865

https://vuldb.com/?ctiid.273865

https://vuldb.com/?submit.382837

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2024

Collectors

NVD Database