CVE-2024-0532

Name of the Vulnerable Software and Affected Versions Tenda A15 version 15.13.07.13

Description A critical issue affects the function set repeat5 of the file /goform/WifiExtraSet in the Web-based Management Interface component. The manipulation of the argument wpapsk crypto2 4g or wpapsk crypto5g leads to a stack-based buffer overflow. This can be initiated remotely, allowing an attacker to potentially execute arbitrary code. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations For Tenda A15 version 15.13.07.13, as a temporary workaround, consider disabling the set repeat5 function until a patch is available. Restrict access to the /goform/WifiExtraSet file to minimize the risk of exploitation. Avoid using the arguments wpapsk crypto2 4g and wpapsk crypto5g in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.