CVE-2024-2814

Name of the Vulnerable Software and Affected Versions Tenda AC15 version 15.03.20 multi

Description A critical issue affects the fromDhcpListClient function of the file /goform/DhcpListClient. The manipulation of the page argument leads to a stack-based buffer overflow. This issue may be exploited remotely, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations For Tenda AC15 version 15.03.20 multi, as a temporary workaround, consider disabling the fromDhcpListClient function until a patch is available. Restrict access to the /goform/DhcpListClient endpoint to minimize the risk of exploitation. Avoid using the page argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.