CVE-2024-4494

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published May 5, 2024

Updated: May 6, 2024

CWE ID 121

Summary

CVE-2024-4494 is a critical vulnerability found in Tenda i21 1.0.0.14(4656). The vulnerability is related to the function formSetUplinkInfo of the file /goform/setUplinkInfo and is classified as a stack-based buffer overflow. It can be exploited remotely, and the manipulation of the argument pingHostIp2 triggers the vulnerability. The exploit has been publicly disclosed, but the vendor did not respond to the disclosure. The vulnerability has a CVSS score of 9.0, indicating a high potential danger to organizations using Tenda i21 1.0.0.14(4656).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vweTZm
https://www.cve.org/CVERecord?id=CVE-2024-4494
https://nvd.nist.gov/vuln/detail/CVE-2024-4494

Back to Vulnerability Database

CVE-2024-4494

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations