CVE-2024-4166

Name of the Vulnerable Software and Affected Versions Tenda 4G300 version 1.01.42

Description A critical issue has been found, affecting the function sub 41E858. The manipulation of the argument GO/page leads to a stack-based buffer overflow. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Tenda 4G300 version 1.01.42, as a temporary workaround, consider restricting access to the function sub 41E858 until a patch is available. Avoid using the argument GO/page in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.