PT-2024-23184 · Tenda · Tenda Fh1205

Wxhwxhwxh_Mie · Published 2024-03-27 · Updated 2025-01-15 · CVE-2024-3006

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Tenda FH1205 version 2.0.0.7(775)

Description

A critical vulnerability was found in the Tenda FH1205, affecting the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to a stack-based buffer overflow. The attack can be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations

For Tenda FH1205 version 2.0.0.7(775), update the firmware as soon as possible. If an update is unavailable, limit router access to minimize the risk of exploitation. As a temporary workaround, consider restricting access to the /goform/fromRouteStatic endpoint until a patch is available. Avoid using the entrys argument in the affected function until the issue is resolved.

Exploit

Fix

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-3006

Affected Products

Tenda Fh1205