CVE-2024-0541

Name of the Vulnerable Software and Affected Versions Tenda W9 version 1.0.0.7(4456)

Description A critical issue has been identified in the function formAddSysLogRule of the httpd component, which can lead to a stack-based buffer overflow when the sysRulenEn argument is manipulated. This can be exploited remotely, allowing an attacker to potentially execute arbitrary code. The exploit has been publicly disclosed.

Recommendations As a temporary workaround, consider disabling the formAddSysLogRule function until a patch is available. Restrict access to the httpd component to minimize the risk of exploitation. Avoid using the sysRulenEn argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.