CVE-2024-30629

Name of the Vulnerable Software and Affected Versions Tenda FH1205 version 2.0.0.7(775)

Description The issue is related to a stack overflow vulnerability in the fromDhcpListClient function, specifically with the list1 parameter. This vulnerability can be exploited by a remote attacker to cause a denial of service. The vulnerable endpoint is "/goform/DhcpListClient".

Recommendations For Tenda FH1205 version 2.0.0.7(775), as a temporary workaround, consider disabling the fromDhcpListClient function until a patch is available. Restrict access to the "/goform/DhcpListClient" endpoint to minimize the risk of exploitation. Avoid using the list1 parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.