CVE-2024-2704

Name of the Vulnerable Software and Affected Versions Tenda AC10U version 15.03.06.49

Description The issue is related to a stack-based buffer overflow in the formSetFirewallCfg function, accessible through the "/goform/SetFirewallCfg" endpoint. The manipulation of the firewallEn argument can lead to this overflow. This can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information.

Recommendations For Tenda AC10U version 15.03.06.49, as a temporary workaround, consider restricting access to the /goform/SetFirewallCfg endpoint to minimize the risk of exploitation. Avoid manipulating the firewallEn argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.