CVE-2024-30595

Name of the Vulnerable Software and Affected Versions Tenda FH1202 version 1.2.0.14(408)

Description The issue is related to a stack overflow vulnerability in the addWifiMacFilter function, specifically with the deviceId parameter. This vulnerability can be exploited through a specially crafted POST request to the "/goform/addWifiMacFilter" endpoint, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Tenda FH1202 version 1.2.0.14(408), consider disabling the addWifiMacFilter function until a patch is available to prevent exploitation. Additionally, restrict access to the "/goform/addWifiMacFilter" endpoint to minimize the risk of exploitation. Avoid using the deviceId parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.