CVE-2024-0531

Name of the Vulnerable Software and Affected Versions Tenda A15 version 15.13.07.13

Description A critical issue affects the Web-based Management Interface of the Tenda A15, specifically an unknown part of the file /goform/setBlackRule. The manipulation of the deviceList argument leads to a stack-based buffer overflow. This can be initiated remotely, allowing potential execution of arbitrary code. The exploit has been disclosed publicly.

Recommendations For Tenda A15 version 15.13.07.13, as a temporary workaround, consider restricting access to the /goform/setBlackRule API endpoint until a patch is available. Additionally, avoid using the deviceList argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.