CVE-2024-2710

Name of the Vulnerable Software and Affected Versions Tenda AC10U version 15.03.06.49

Description A critical issue has been found in the setSchedWifi function of the /goform/openSchedWifi file, which can lead to a stack-based buffer overflow when the schedStartTime argument is manipulated. This can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed publicly.

Recommendations For Tenda AC10U version 15.03.06.49, as a temporary workaround, consider disabling the setSchedWifi function until a patch is available. Restrict access to the /goform/openSchedWifi file to minimize the risk of exploitation. Avoid using the schedStartTime argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.