Login Sign Up

CVE-2024-4495

8.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

A critical stack-based buffer overflow vulnerability in Tenda i21 routers allows remote attackers to execute arbitrary code by manipulating the index parameter in the formWifiMacFilterGet function. This affects Tenda i21 firmware version 1.0.0.14(4656). Attackers can exploit this without authentication to potentially take complete control of affected devices.

💻 Affected Systems

Products:
  • Tenda i21
Versions: 1.0.0.14(4656)
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the affected firmware version are vulnerable by default.

📦 What is this software?

I21 Firmware by Tenda

View all CVEs affecting I21 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistence installation, network pivoting, and data exfiltration.

🟠

Likely Case

Device takeover enabling network traffic interception, credential theft, and botnet recruitment.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing devices immediate targets.
🏢 Internal Only: MEDIUM - Internal devices remain vulnerable to network-based attacks but require initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists in GitHub repositories, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch available. Contact Tenda support for firmware updates or replace affected devices.

🔧 Temporary Workarounds

Network Isolation

all

Isolate affected routers from critical networks and internet exposure

Access Control

linux

Implement strict firewall rules to block external access to router management interfaces

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Replace affected Tenda i21 routers with different models or brands
  • Deploy network segmentation to limit potential lateral movement

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at 192.168.0.1 or 192.168.1.1, login and navigate to System Status

Check Version:

curl -s http://192.168.0.1/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is no longer 1.0.0.14(4656)

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/formWifiMacFilterGet
  • Multiple failed buffer overflow attempts in system logs
  • Unexpected process crashes or restarts

Network Indicators:

  • Unusual traffic patterns to router management ports (80, 443, 8080)
  • Suspicious payloads in HTTP POST requests

SIEM Query:

source="router.log" AND "formWifiMacFilterGet" AND ("index" OR "overflow")

📊 Metadata

CVE ID: CVE-2024-4495
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121
Published: May 5, 2024
Last Updated: January 27, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4495, you might also want to check these:

CVE-2024-39791 10.0

CVE-2024-39791 is a critical stack-based buffer overflow vulnerability in Vonets industrial WiFi bri...

Same vulnerability type (CWE-121)
CVE-2022-20699 10.0

This critical vulnerability in Cisco Small Business routers allows unauthenticated remote attackers ...

Same vulnerability type (CWE-121)
CVE-2022-20701 10.0

This CVE describes multiple critical vulnerabilities in Cisco Small Business RV series routers that ...

Same vulnerability type (CWE-121)