Cyber Posture

CVE-2024-57483

Critical

Published: 14 January 2025

Modified: 09 April 2025
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0038 (59.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.

Security Summary

CVE-2024-57483 is a buffer overflow vulnerability (CWE-120) affecting the Tenda i24 router running firmware version V2.0.0.5, specifically in the addWifiMacFilter function. The flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for severe impact across confidentiality, integrity, and availability.

The vulnerability can be exploited by any unauthenticated remote attacker over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to trigger a buffer overflow, potentially leading to arbitrary code execution, data corruption, or denial of service on the affected device.

Vendor guidance and additional details are available via the Tenda website (http://tenda.com) and a GitHub Gist at https://gist.github.com/XiaoCurry/7dd5c6ab5af9df49883535b997cef7a4, which security practitioners should consult for patch availability, workarounds, or proof-of-concept information.

Details

CWE(s)
CWE-120

Affected Products

Vendor: tenda
Product: i24 firmware
Version: 2.0.0.5
