CVE-2024-30592

Name of the Vulnerable Software and Affected Versions Tenda FH1202 version 1.2.0.14(408)

Description The issue is related to a stack overflow vulnerability in the fromAddressNat function, specifically in the page parameter. This vulnerability can be exploited by a remote attacker using a specially crafted POST request to the /goform/addressNat endpoint, potentially impacting the confidentiality, integrity, and availability of protected information.

Recommendations For Tenda FH1202 version 1.2.0.14(408), consider disabling the fromAddressNat function or restricting access to the /goform/addressNat endpoint until a patch is available. Avoid using the page parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.