CVE-2024-4167

Name of the Vulnerable Software and Affected Versions Tenda 4G300 version 1.01.42

Description A critical issue was found, affecting the function sub 422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to a stack-based buffer overflow. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Tenda 4G300 version 1.01.42, as a temporary workaround, consider disabling the sub 422AA4 function until a patch is available. Restrict access to the affected function to minimize the risk of exploitation. Avoid using the argument year/month/day/hour/minute/second in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.