CVE-2024-2993

Name of the Vulnerable Software and Affected Versions Tenda FH1203 version 2.0.1.6

Description A critical issue was found in the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to a stack-based buffer overflow. It is possible to launch the attack remotely. The issue has been disclosed to the public.

Recommendations For Tenda FH1203 version 2.0.1.6, as a temporary workaround, consider disabling the formQuickIndex function until a patch is available. Restrict access to the /goform/QuickIndex endpoint to minimize the risk of exploitation. Avoid using the PPPOEPassword argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.