PT-2024-3677 · Tenda · Tenda I21

Yhryhryhr_Tu · Published 2024-04-26 · Updated 2024-06-04 · CVE-2024-4250

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Tenda i21 version 1.0.0.14(4656)

Description
A critical issue exists due to a stack-based buffer overflow when handling the ssidIndex parameter in the /goform/wifiSSIDget and /goform/wifiSSIDset API endpoints. This can be exploited remotely, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations
For Tenda i21 version 1.0.0.14(4656), as a temporary workaround, consider disabling the formwrlSSIDget and formwrlSSIDset functions until a patch is available. Restrict access to the /goform/wifiSSIDget and /goform/wifiSSIDset API endpoints to minimize the risk of exploitation. Avoid using the ssidIndex parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-04021
CVE-2024-4250

Affected Products

Tenda I21