PT-2024-2381 · Tenda · Tenda Ac15

Yhryhryhr_Tutu · Published 2024-03-14 · Updated 2024-05-17 · CVE-2024-2817

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Tenda AC15 version 15.03.05.18

Description

A vulnerability has been found in the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet, which is related to insufficient authentication of executed requests. This issue can lead to cross-site request forgery and may be exploited remotely, potentially resulting in a denial of service. The exploit has been disclosed to the public.

Recommendations

For Tenda AC15 version 15.03.05.18, as a temporary workaround, consider disabling the fromSysToolRestoreSet function until a patch is available. Restrict access to the /goform/SysToolRestoreSet endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Weakness Enumeration

Related Identifiers

BDU:2024-02332
CVE-2024-2817

Affected Products

Tenda Ac15