CVE-2024-57483

Critical

Published: 14 January 2025

Published

14 January 2025

Modified

09 April 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0038 59.7th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57483 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Tenda I24 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly requires timely patching and remediation of the buffer overflow flaw in the addWifiMacFilter function to eliminate the vulnerability.

SI-10 Information Input Validation good match

prevent

Mandates validation of inputs to the addWifiMacFilter function to prevent buffer overflows from malformed MAC filter data.

SI-16 Memory Protection good match

prevent

Provides memory protections like stack canaries and DEP to block arbitrary code execution from successful buffer overflow exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in public-facing router function (addWifiMacFilter) directly enables remote unauthenticated exploitation for RCE/initial access on network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.

Deeper analysisAI

CVE-2024-57483 is a buffer overflow vulnerability (CWE-120) affecting the Tenda i24 router running firmware version V2.0.0.5, specifically in the addWifiMacFilter function. The flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for severe impact across confidentiality, integrity, and availability.

The vulnerability can be exploited by any unauthenticated remote attacker over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to trigger a buffer overflow, potentially leading to arbitrary code execution, data corruption, or denial of service on the affected device.

Vendor guidance and additional details are available via the Tenda website (http://tenda.com) and a GitHub Gist at https://gist.github.com/XiaoCurry/7dd5c6ab5af9df49883535b997cef7a4, which security practitioners should consult for patch availability, workarounds, or proof-of-concept information.

Details

CWE(s): CWE-120

Affected Products

tenda

i24 firmware

2.0.0.5

CVEs Like This One

CVE-2026-24110Same vendor: Tenda

CVE-2025-29137Same vendor: Tenda

CVE-2026-24111Same vendor: Tenda

CVE-2025-55606Same vendor: Tenda

CVE-2025-55613Same vendor: Tenda

CVE-2025-22946Same vendor: Tenda

CVE-2025-25676Same vendor: Tenda

CVE-2025-25674Same vendor: Tenda

CVE-2025-67073Same vendor: Tenda

CVE-2025-55603Same vendor: Tenda

References

http://tenda.com
Not Applicable · cve@mitre.org
https://gist.github.com/XiaoCurry/7dd5c6ab5af9df49883535b997cef7a4
Broken Link · cve@mitre.org