CVE-2024-7585

Name of the Vulnerable Software and Affected Versions Tenda i22 version 1.0.0.3(4687)

Description The issue is related to a buffer overflow in the formApPortalWebAuth function due to lack of input size validation. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with the manipulation of the webUserName and webUserPassword arguments in the /goform/apPortalAuth endpoint.

Recommendations For Tenda i22 version 1.0.0.3(4687), as a temporary workaround, consider restricting access to the /goform/apPortalAuth endpoint until a patch is available. Avoid using the webUserName and webUserPassword arguments in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.