CVE-2024-2708

Name of the Vulnerable Software and Affected Versions Tenda AC10U version 15.03.06.49

Description The issue is related to a stack-based buffer overflow in the formexeCommand function of the /goform/execCommand file. This can be exploited by manipulating the cmdinput argument, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. The attack may be initiated remotely.

Recommendations For Tenda AC10U version 15.03.06.49, as a temporary workaround, consider restricting access to the /goform/execCommand endpoint until a patch is available. Additionally, avoid using the cmdinput argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.