CVE-2024-4247

Description

A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. This vulnerability affects the function formQosManage_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. VDB-262138 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

tenda / i211.0.0.14(4656) – 1.0.0.14(4656)

References

MISChttps://vuldb.com/?id.262138
MISChttps://vuldb.com/?ctiid.262138
MISChttps://vuldb.com/?submit.319832
MISChttps://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formQosManage_auto.md