CVE-2024-4251 | Tenda i21 1.0.0.14(4656) /goform/DhcpSetSe fromDhcpSetSer stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rated as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSe. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow.

This vulnerability is handled as CVE-2024-4251. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4251 | Tenda i21 1.0.0.14(4656) /goform/DhcpSetSe fromDhcpSetSer stack-based overflow

Post correlati

CVE-2024-3166 | mintplex-labs anything-llm up to 1.4.1 cross site scripting

CVE-2024-5360 | PHPGurukul Zoo Management System 2.1 foreigner-bwdates-reports-details.php fromdate sql injection

CVE-2024-2462 | Hitachi Energy FOXMAN-UN/FOX61x/FOXCST/UNEM/XMC20/ECST certificate validation

CVE-2024-1574 | Mitsubishi Electric ICONICS/AlarmWorX Multimedia/MobileHMI unknown vulnerability (icsa-24-184-03)