PT-2024-16210 · Tenda · Tenda Rx9 Pro

Guoxb · Published 2024-10-24 · Updated 2024-11-01 · CVE-2024-10351

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Tenda RX9 Pro version 22.03.02.20

Description

A critical issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg in the POST Request Handler component. Manipulation of the deviceList argument leads to a stack-based buffer overflow. This issue can be exploited remotely.

Recommendations

For Tenda RX9 Pro version 22.03.02.20, as a temporary workaround, consider restricting access to the /goform/setMacFilterCfg endpoint until a patch is available. Avoid manipulating the deviceList argument in the affected POST Request Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-10351

Affected Products

Tenda Rx9 Pro