CVE-2023-37718

Name of the Vulnerable Software and Affected Versions Tenda F1202 version V1.0BR V1.2.0.20(408) Tenda FH1202 version V1.2.0.19 EN

Description The issue is related to a stack overflow in the fromSafeClientFilter() function when handling the page parameter. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information by sending a specially crafted request. The page parameter is vulnerable to a buffer overflow, which can lead to a stack overflow.

Recommendations For Tenda F1202 version V1.0BR V1.2.0.20(408), consider disabling the fromSafeClientFilter() function until a patch is available. For Tenda FH1202 version V1.2.0.19 EN, restrict access to the page parameter in the fromSafeClientFilter() function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.