CVE-2024-4493

Name of the Vulnerable Software and Affected Versions Tenda i21 version 1.0.0.14(4656)

Description A critical vulnerability was found in the Tenda i21, affecting the formSetAutoPing function. The manipulation of the ping1/ping2 argument leads to a stack-based buffer overflow. This issue can be exploited remotely, potentially impacting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed publicly. The vendor was contacted about this disclosure but did not respond.

Recommendations As a temporary workaround, consider disabling the formSetAutoPing function until a patch is available. Restrict access to the ping1 and ping2 parameters in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.