CVE-2024-4492

Name of the Vulnerable Software and Affected Versions Tenda i21 version 1.0.0.14(4656)

Description The issue is related to a stack-based buffer overflow in the formOfflineSet function, specifically when handling the GO/ssidIndex parameter in the /goform/setStaOffline API endpoint. This can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The attack can be initiated by sending a specially crafted POST request to the vulnerable endpoint.

Recommendations For Tenda i21 version 1.0.0.14(4656), as a temporary workaround, consider disabling the formOfflineSet function until a patch is available. Restrict access to the /goform/setStaOffline API endpoint to minimize the risk of exploitation. Avoid using the GO/ssidIndex parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.