CVE-2024-4497 | Tenda i21 1.0.0.14(4656) formexeCommand cmdinput stack-based overflow

Inserito da Angelo Barbosa | Mag 4, 2024 | CVE

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. This vulnerability affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow.

This vulnerability was named CVE-2024-4497. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4497 | Tenda i21 1.0.0.14(4656) formexeCommand cmdinput stack-based overflow

Post correlati

CVE-2023-49254 | Hongdian H8951-4G-ESP prior 2310271149 HTTP POST Request destination os command injection

CVE-2024-21841 | Intel Distribution for GDB Software prior 2024.0 uncontrolled search path (intel-sa-01042)

CVE-2024-36982 | Splunk Enterprise/Cloud Platform Cluster Config REST Endpoint null pointer dereference (SVD-2024-0702)

CVE-2023-48702 | Jellyfin up to 10.8.12 Path ProcessStartInfo command injection (GHSA-rr9h-w522-cvmr)