CVE-2024-4496

Name of the Vulnerable Software and Affected Versions Tenda i21 version 1.0.0.14(4656)

Description A critical issue affects the formWifiMacFilterSet() function, where the manipulation of the ssidIndex argument leads to a stack-based buffer overflow. This can be exploited remotely, potentially impacting the confidentiality, integrity, and availability of protected information. The attack can be initiated by sending a specially crafted POST request.

Recommendations For Tenda i21 version 1.0.0.14(4656), as a temporary workaround, consider disabling the formWifiMacFilterSet() function until a patch is available. Restrict access to the ssidIndex argument in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.