CVE-2024-10750

Name of the Vulnerable Software and Affected Versions Tenda i22 version 1.0.0.3(4687)

Description A vulnerability has been found in the function websReadEvent of the file "/goform/GetIPTV?fgHPOST/goform/SysToo". The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This issue is related to a null pointer dereference, which can allow an attacker to cause a denial of service.

Recommendations For Tenda i22 version 1.0.0.3(4687), as a temporary workaround, consider disabling the websReadEvent function until a patch is available. Restrict access to the "/goform/GetIPTV?fgHPOST/goform/SysToo" endpoint to minimize the risk of exploitation. Avoid using the Content-Length argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.