CVE-2024-4167

A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.261986 Permissions Required VDB Entry
https://vuldb.com/?id.261986 Third Party Advisory VDB Entry
https://vuldb.com/?submit.318983 Third Party Advisory VDB Entry
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.261986 Permissions Required VDB Entry
https://vuldb.com/?id.261986 Third Party Advisory VDB Entry
https://vuldb.com/?submit.318983 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tenda:4g300_firmware:1.01.42:*:*:*:*:*:*:*
cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*

History

21 Jan 2025, 14:41

Type Values Removed Values Added
First Time Tenda
Tenda 4g300 Firmware
Tenda 4g300
CWE CWE-787
CPE cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:4g300_firmware:1.01.42:*:*:*:*:*:*:*
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.261986 - () https://vuldb.com/?ctiid.261986 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.261986 - () https://vuldb.com/?id.261986 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.318983 - () https://vuldb.com/?submit.318983 - Third Party Advisory, VDB Entry

21 Nov 2024, 09:42

Type Values Removed Values Added
References () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md - () https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md -
References () https://vuldb.com/?ctiid.261986 - () https://vuldb.com/?ctiid.261986 -
References () https://vuldb.com/?id.261986 - () https://vuldb.com/?id.261986 -
References () https://vuldb.com/?submit.318983 - () https://vuldb.com/?submit.318983 -

25 Apr 2024, 13:18

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-25 12:15

Updated : 2025-01-21 14:41


NVD link : CVE-2024-4167

Mitre link : CVE-2024-4167

CVE.ORG link : CVE-2024-4167


JSON object : View

Products Affected

tenda

  • 4g300
  • 4g300_firmware
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write