CVE-2024-2892

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44

Description A critical issue has been discovered in the Tenda AC7, specifically in the function formSetCfm located in the "/goform/setcfm" file. This issue is caused by the manipulation of the funcpara1 argument, leading to a stack-based buffer overflow. The attack can be launched remotely, potentially affecting the confidentiality, integrity, and availability of protected information.

Recommendations For Tenda AC7 version 15.03.06.44, as a temporary workaround, consider disabling the formSetCfm function until a patch is available. Restrict access to the "/goform/setcfm" file to minimize the risk of exploitation. Avoid using the funcpara1 argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.