PT-2024-2464 · Tenda · Tenda Fh1202
Published
2024-03-28
·
Updated
2025-03-13
·
CVE-2024-30594
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Tenda FH1202 version 1.2.0.14(408)
Description
The issue is related to a stack overflow vulnerability in the
addWifiMacFilter function, specifically in the deviceMac parameter, which can be exploited through a specially crafted POST request to the /goform/addWifiMacFilter endpoint. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.Recommendations
For Tenda FH1202 version 1.2.0.14(408), consider disabling the
addWifiMacFilter function until a patch is available to prevent exploitation of the stack overflow vulnerability in the deviceMac parameter. Restrict access to the /goform/addWifiMacFilter endpoint to minimize the risk of exploitation. Avoid using the deviceMac parameter in the affected API endpoint until the issue is resolved.Exploit
Fix
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Fh1202