CVE-2024-0923

Name of the Vulnerable Software and Affected Versions Tenda AC10U version 15.03.06.49 multi TDE01

Description A critical issue has been found in the function formSetDeviceName, which is related to a stack-based buffer overflow due to the manipulation of the argument devName. This can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed to the public.

Recommendations For Tenda AC10U version 15.03.06.49 multi TDE01, as a temporary workaround, consider disabling the formSetDeviceName function until a patch is available. Restrict access to the devName argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.