CVE-2024-4497 | Tenda i21 1.0.0.14(4656) formexeCommand cmdinput stack-based overflow

Posted by Angelo Barbosa | May 4, 2024 | CVE

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. This vulnerability affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow.

This vulnerability was named CVE-2024-4497. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4497 | Tenda i21 1.0.0.14(4656) formexeCommand cmdinput stack-based overflow

Related Posts

CVE-2024-38507 | JetBrains Hub up to 2023.1.15725 Project Description cross site scripting

CVE-2024-2717 | Campcodes Complete Online DJ Booking System 1.0 booking-search.php searchdata cross site scripting

CVE-2024-33518 | Aruba ArubaOS up to 8.10.0.10/8.11.2.1/10.4.1.0/10.5.1.0 Radio Frequency Manager Service denial of service (ARUBA-PSA-2024-004)

CVE-2024-39385 | Adobe Premiere Pro AVI File Parser use after free (ZDI-24-1198)