PT-2024-2599 · Tenda · Tenda Ac7

Wxhwxhwxh_Miemie · Published 2024-03-21 · Updated 2025-01-22 · CVE-2024-2891

CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Tenda AC7 version 15.03.06.44

Description

A critical vulnerability was found in the function formQuickIndex of the file /goform/QuickIndex, which can be exploited remotely. The manipulation of the argument PPPOEPassword leads to a stack-based buffer overflow, potentially affecting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed to the public and may be used.

Recommendations

For Tenda AC7 version 15.03.06.44, update the firmware immediately to resolve the issue. If an update is unavailable, limit network access and monitor traffic as a temporary mitigation measure. Consider disabling the formQuickIndex function or restricting access to the /goform/QuickIndex file until a patch is available.
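
One way to carry out the "monitor traffic" mitigation is to inspect captured HTTP requests for /goform/QuickIndex and flag PPPOEPassword values that are overlong or contain non-printable bytes. This is an added example, not part of the advisory or any vendor code; MAX_LEN, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/goform/QuickIndex"  # endpoint named in the advisory
TARGET_PARAM = "PPPOEPassword"      # argument named in the advisory
MAX_LEN = 64  # ASSUMPTION: local policy ceiling, not the firmware's buffer size

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, params), or None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return None
    url = urlsplit(parts[1])
    # The argument can arrive in the query string or the form body; latin-1
    # keeps one character per byte so len() reflects the bytes on the wire.
    params = {}
    for source in (url.query, body.decode("latin-1")):
        decoded = parse_qs(source, keep_blank_values=True, encoding="latin-1")
        for name, values in decoded.items():
            params.setdefault(name, []).extend(values)
    return parts[0], url.path, params

def check_request(raw: bytes):
    """Return a list of findings for one captured request (empty = clean)."""
    parsed = parse_request(raw)
    if parsed is None:
        return ["malformed request line"]
    _method, path, params = parsed
    if path != TARGET_PATH:
        return []
    findings = []
    for value in params.get(TARGET_PARAM, []):
        if len(value) > MAX_LEN:
            findings.append(f"{TARGET_PARAM} length {len(value)} exceeds {MAX_LEN}")
        if any(not 0x20 <= ord(ch) < 0x7F for ch in value):
            findings.append(f"{TARGET_PARAM} contains non-printable bytes")
    return findings

def _post(path: str, body: str) -> bytes:
    # Constructed sample request; 192.0.2.1 is a documentation address.
    return (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

# Constructed samples, not captured traffic.
SAMPLES = {
    "normal": _post(TARGET_PATH, "PPPOEPassword=correct-horse"),
    "overlong": _post(TARGET_PATH, "PPPOEPassword=" + "x" * 300),
    "control_byte": _post(TARGET_PATH, "PPPOEPassword=ab%00cd"),
    "other_path": _post("/index.html", "PPPOEPassword=" + "x" * 300),
}
```

Tune MAX_LEN to the longest PPPoE password actually in use on the network; the check is a monitoring aid and does not replace the firmware update.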

Tags: Exploit, Fix, Memory Corruption, Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-02662
CVE-2024-2891

Affected Products

Tenda Ac7