CVE-2024-7582

Name of the Vulnerable Software and Affected Versions Tenda i22 version 1.0.0.3(4687)

Description A critical issue was found in the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to a buffer overflow. This issue can be exploited remotely.

Recommendations For Tenda i22 version 1.0.0.3(4687), as a temporary workaround, consider disabling the formApPortalAccessCodeAuth function until a patch is available. Restrict access to the /goform/apPortalAccessCodeAuth endpoint to minimize the risk of exploitation. Avoid using the accessCode/data/acceInfo argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.