Login Sign Up

CVE-2024-4245

8.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

A critical stack-based buffer overflow vulnerability exists in Tenda i21 routers version 1.0.0.14(4656) affecting the formQosManageDouble_user function. Attackers can remotely exploit this by manipulating the ssidIndex parameter to execute arbitrary code or crash the device. This affects all users running the vulnerable firmware version.

💻 Affected Systems

Products:
  • Tenda i21 router
Versions: 1.0.0.14(4656)
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this specific firmware version are vulnerable by default.

📦 What is this software?

I21 Firmware by Tenda

View all CVEs affecting I21 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistent backdoor installation, and lateral movement to connected networks.

🟠

Likely Case

Device crash causing denial of service, potentially requiring physical reset or firmware reinstallation.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and routers are typically internet-facing devices.
🏢 Internal Only: MEDIUM - Could still be exploited from internal networks if attacker gains initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Public proof-of-concept code exists on GitHub. Exploitation requires understanding of buffer overflow techniques but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: Yes

Instructions:

No official patch available. Consider upgrading to newer firmware if available or replacing device.

🔧 Temporary Workarounds

Disable QoS Management

all

Disable Quality of Service management features if possible to prevent access to vulnerable function

Network Segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

  • Replace affected Tenda i21 routers with different models or brands
  • Place router behind dedicated firewall with strict inbound rules blocking all unnecessary ports

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface or via SSH: cat /proc/version or show version commands

Check Version:

ssh admin@router-ip 'cat /proc/version' or check web interface at http://router-ip

Verify Fix Applied:

Verify firmware version is no longer 1.0.0.14(4656) - no official fix available

📡 Detection & Monitoring

Log Indicators:

  • Unusual QoS configuration changes
  • Repeated device crashes/reboots
  • Buffer overflow error messages in system logs

Network Indicators:

  • Unusual traffic to router management interface on port 80/443
  • Exploit pattern matches in network traffic

SIEM Query:

source="router_logs" AND ("formQosManageDouble" OR "buffer overflow" OR "segmentation fault")

📊 Metadata

CVE ID: CVE-2024-4245
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121
Published: April 27, 2024
Last Updated: January 27, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4245, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)