CVE-2024-2987

Name of the Vulnerable Software and Affected Versions Tenda FH1202 version 1.2.0.14(408)

Description A critical vulnerability has been found, affecting the function GetParentControlInfo of the file "/goform/GetParentControlInfo". The manipulation of the argument mac leads to a stack-based buffer overflow. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Tenda FH1202 version 1.2.0.14(408), as a temporary workaround, consider disabling the GetParentControlInfo function until a patch is available. Restrict access to the "/goform/GetParentControlInfo" endpoint to minimize the risk of exploitation. Avoid using the mac argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.