CVE-2024-2763

Name of the Vulnerable Software and Affected Versions Tenda AC10U version 15.03.06.48

Description A critical issue has been found in the function formSetCfm of the file goform/setcfm, where the manipulation of the argument funcpara1 leads to a stack-based buffer overflow. This can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The issue is related to the function formSetPPTPServer and is also associated with a stack buffer overflow.

Recommendations For Tenda AC10U version 15.03.06.48, consider disabling the formSetCfm function or restricting access to the goform/setcfm file until a patch is available. Additionally, avoid using the funcpara1 argument in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.