Cyber Resilience

CVE-2024-57483

Critical

Published: 14 January 2025

Published
14 January 2025
Modified
09 April 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0052 67.3th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57483 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Tenda I24 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-57483 is a buffer overflow vulnerability (CWE-120) affecting the Tenda i24 router running firmware version V2.0.0.5, specifically in the addWifiMacFilter function. The flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for severe impact across confidentiality, integrity, and availability.

The vulnerability can be exploited by any unauthenticated remote attacker over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to trigger a buffer overflow, potentially leading to arbitrary code execution, data corruption, or denial of service on the affected device.

Vendor guidance and additional details are available via the Tenda website (http://tenda.com) and a GitHub Gist at https://gist.github.com/XiaoCurry/7dd5c6ab5af9df49883535b997cef7a4, which security practitioners should consult for patch availability, workarounds, or proof-of-concept information.

EU & UK References

Vulnerability details

Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in public-facing router function (addWifiMacFilter) directly enables remote unauthenticated exploitation for RCE/initial access on network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-25674Same vendor: Tenda
CVE-2025-29137Same vendor: Tenda
CVE-2026-24113Same vendor: Tenda
CVE-2026-24108Same vendor: Tenda
CVE-2026-24110Same vendor: Tenda
CVE-2025-25678Same vendor: Tenda
CVE-2026-24103Same vendor: Tenda
CVE-2025-25667Same vendor: Tenda
CVE-2026-24111Same vendor: Tenda
CVE-2026-24112Same vendor: Tenda

Affected Assets

tenda
i24 firmware
2.0.0.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely patching and remediation of the buffer overflow flaw in the addWifiMacFilter function to eliminate the vulnerability.

prevent

Mandates validation of inputs to the addWifiMacFilter function to prevent buffer overflows from malformed MAC filter data.

prevent

Provides memory protections like stack canaries and DEP to block arbitrary code execution from successful buffer overflow exploitation.

References