CVE-2024-57578

Name of the Vulnerable Software and Affected Versions Tenda AC18 version 15.03.05.19

Description The issue is related to a stack overflow in the formSetCfm() function due to the funcpara1 parameter. This can potentially allow a remote attacker to execute arbitrary code or cause a denial of service. The vulnerability is associated with a buffer overflow when processing the funcpara1 parameter.

Recommendations For Tenda AC18 version 15.03.05.19, consider disabling the formSetCfm() function until a patch is available to prevent potential exploitation. Restrict access to the vulnerable function to minimize the risk of arbitrary code execution or denial of service. Avoid using the funcpara1 parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.