CVE-2024-2705

Name of the Vulnerable Software and Affected Versions Tenda AC10U version 1.0/15.03.06.49

Description The issue is related to a stack-based buffer overflow in the formSetQosBand function of the /goform/SetNetControlList file. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The manipulation of the list argument leads to this buffer overflow. The attack can be launched remotely.

Recommendations For Tenda AC10U version 1.0/15.03.06.49, as a temporary workaround, consider disabling the formSetQosBand function until a patch is available. Restrict access to the /goform/SetNetControlList endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.