CVE-2024-30604

Name of the Vulnerable Software and Affected Versions Tenda FH1203 version 2.0.1.6

Description The issue is related to a stack overflow vulnerability in the fromDhcpListClient function, specifically with the list1 parameter. This vulnerability can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerable function is associated with the /goform/DhcpListClient endpoint.

Recommendations For Tenda FH1203 version 2.0.1.6, as a temporary workaround, consider disabling the fromDhcpListClient function until a patch is available. Restrict access to the /goform/DhcpListClient endpoint to minimize the risk of exploitation. Avoid using the list1 parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.