CVE-2024-2809

Name of the Vulnerable Software and Affected Versions Tenda AC15 versions 15.03.05.18 through 15.03.20 multi

Description A critical issue was found in the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to a stack-based buffer overflow. This can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information.

Recommendations For Tenda AC15 versions 15.03.05.18 through 15.03.20 multi, as a temporary workaround, consider disabling the formSetFirewallCfg function until a patch is available. Restrict access to the /goform/SetFirewallCfg endpoint to minimize the risk of exploitation. Avoid using the parameter firewallEn in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.