CVE-2024-4250 | Tenda i21 1.0.0.14(4656) /goform/wifiSSIDset formwrlSSIDset ssidIndex stack-based overflow

Posted by Angelo Barbosa | Apr 26, 2024 | CVE

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow.

This vulnerability is known as CVE-2024-4250. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-4250 | Tenda i21 1.0.0.14(4656) /goform/wifiSSIDset formwrlSSIDset ssidIndex stack-based overflow

Related Posts

CVE-2023-49897 | FXC AE1021PE/AE1021 up to 2.0.9 os command injection

CVE-2024-27039 | Linux Kernel up to 5.15.152/6.1.82/6.6.22/6.7.10/6.8.1 hi3559a devm_kfree iteration

CVE-2024-8625 | TS Poll Plugin up to 2.3.x on WordPress sql injection

CVE-2023-50898 | Sirv Plugin up to 7.1.2 on WordPress authorization