CVE-2024-2852

Name of the Vulnerable Software and Affected Versions Tenda AC15 version 15.03.20 multi

Description A critical issue affects the saveParentControlInfo function of the file "/goform/saveParentControlInfo". The manipulation of the urls argument leads to a stack-based buffer overflow. This can be initiated remotely, potentially allowing an attacker to execute arbitrary code or cause a denial of service.

Recommendations For Tenda AC15 version 15.03.20 multi, as a temporary workaround, consider disabling the saveParentControlInfo() function until a patch is available. Restrict access to the "/goform/saveParentControlInfo" endpoint to minimize the risk of exploitation. Avoid using the urls parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.