PT-2024-2458 · Tenda · Tenda F1203

Published: 2024-03-28 · Updated: 2024-08-01 · CVE-2024-30599

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Tenda FH1203 version 2.0.1.6

Description

A stack overflow vulnerability exists in the addWifiMacFilter function, in its handling of the deviceMac parameter. It can be exploited through a specially crafted POST request to the /goform/addWifiMacFilter endpoint, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For Tenda FH1203 version 2.0.1.6, consider disabling the addWifiMacFilter function until a patch is available. Additionally, restrict access to the /goform/addWifiMacFilter endpoint to minimize the risk of exploitation. Avoid using the deviceMac parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
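
The description above ties the overflow to the deviceMac parameter. As an added example (not code from the Tenda firmware or from this advisory), the C function below shows the length and format check a handler needs before such a value reaches any fixed-size buffer. The name parse_device_mac and the colon-separated MAC format are assumptions, and the inputs in main are constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_TEXT_LEN 17 /* "aa:bb:cc:dd:ee:ff" */
#define MAC_BYTES 6

static int hexval(unsigned char c)
{
    return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
}

/* Hypothetical helper, not taken from the Tenda firmware: parse a deviceMac
 * form value into 6 bytes. Returns 0 on success, -1 on malformed or oversized
 * input. Characters are checked in order, so the scan stops at the first bad
 * byte (including an early NUL) and never reads past value[MAC_TEXT_LEN]. */
int parse_device_mac(const char *value, uint8_t out[MAC_BYTES])
{
    uint8_t tmp[MAC_BYTES];

    if (value == NULL || out == NULL)
        return -1;
    for (size_t i = 0; i < MAC_BYTES; i++) {
        const unsigned char *p = (const unsigned char *)value + i * 3;
        if (!isxdigit(p[0]) || !isxdigit(p[1]))
            return -1;
        if (i < MAC_BYTES - 1 && p[2] != ':')
            return -1;
        tmp[i] = (uint8_t)((hexval(p[0]) << 4) | hexval(p[1]));
    }
    if (value[MAC_TEXT_LEN] != '\0') /* anything longer is rejected */
        return -1;
    memcpy(out, tmp, MAC_BYTES); /* fixed-size copy, only after validation */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    char oversized[600];
    uint8_t mac[MAC_BYTES];

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("valid:     %d\n", parse_device_mac("00:1a:2b:3c:4d:5e", mac));
    printf("oversized: %d\n", parse_device_mac(oversized, mac));
    return 0;
}
```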

Exploit

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-02436
CVE-2024-30599

Affected Products

Tenda F1203