CVE-2024-0928

Name of the Vulnerable Software and Affected Versions Tenda AC10U version 15.03.06.49 multi TDE01

Description A critical issue has been identified in the fromDhcpListClient function, which can be exploited remotely. The manipulation of the page/listN argument leads to a stack-based buffer overflow. This can potentially impact the confidentiality, integrity, and availability of protected information. The exploit has been disclosed publicly.

Recommendations As a temporary workaround, consider disabling the fromDhcpListClient function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the page/listN argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.