PT-2024-10186 · Tenda · Tenda Ac18

Published: 2024-12-28 · Updated: 2025-01-18 · CVE-2024-57580

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Tenda AC18 version V15.03.05.19

Description

A stack overflow vulnerability exists in the formSetDeviceName function and is reachable through the devName parameter. It can be exploited by sending a specially crafted POST request, potentially allowing a remote attacker to cause a denial of service. The vulnerability stems from a lack of input size validation: input data is copied into a buffer without proper checks.

Recommendations

For Tenda AC18 version V15.03.05.19, consider disabling the formSetDeviceName function until a patch is available to prevent exploitation. Restrict access to the vulnerable function to minimize the risk of denial of service attacks. Avoid using the devName parameter in affected API endpoints until the issue is resolved.

Exploit

Fix

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-00513
CVE-2024-57580

Affected Products

Tenda Ac18