CVE-2024-2898

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44

Description A critical vulnerability was found in the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the list argument leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. An attacker could impact the confidentiality, integrity, and availability of protected information by sending a specially crafted POST request.

Recommendations For Tenda AC7 version 15.03.06.44, as a temporary workaround, consider disabling the fromSetRouteStatic function until a patch is available. Restrict access to the /goform/SetStaticRouteCfg endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.