ID

VAR-202405-0120


CVE

CVE-2024-4495


TITLE

Tenda i21 formWifiMacFilterGet function buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-22408

DESCRIPTION

A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this issue is the function formWifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263084. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda i21 is a wireless access point of China's Tenda company. The vulnerability is caused by the parameter index of the function formWifiMacFilterGet failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Trust: 1.44

sources: NVD: CVE-2024-4495 // CNVD: CNVD-2024-22408

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-22408

AFFECTED PRODUCTS

vendor:tendamodel:i21scope:eqversion:1.0.0.14(4656)

Trust: 0.6

sources: CNVD: CNVD-2024-22408

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-4495
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-22408
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2024-4495
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2024-22408
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-4495
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-22408 // NVD: CVE-2024-4495

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2024-4495

EXTERNAL IDS

db:NVDid:CVE-2024-4495

Trust: 1.6

db:VULDBid:263084

Trust: 1.0

db:CNVDid:CNVD-2024-22408

Trust: 0.6

sources: CNVD: CNVD-2024-22408 // NVD: CVE-2024-4495

REFERENCES

url:https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/i/i21/formwifimacfilterget.md

Trust: 1.0

url:https://vuldb.com/?ctiid.263084

Trust: 1.0

url:https://vuldb.com/?id.263084

Trust: 1.0

url:https://vuldb.com/?submit.323605

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-4495

Trust: 0.6

sources: CNVD: CNVD-2024-22408 // NVD: CVE-2024-4495

SOURCES

db:CNVDid:CNVD-2024-22408
db:NVDid:CVE-2024-4495

LAST UPDATE DATE

2024-08-14T14:54:11.854000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-22408date:2024-05-14T00:00:00
db:NVDid:CVE-2024-4495date:2024-05-17T02:40:25.167

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-22408date:2024-05-11T00:00:00
db:NVDid:CVE-2024-4495date:2024-05-05T06:15:06.637