CVE-2024-4243

Name of the Vulnerable Software and Affected Versions Tenda W9 version 1.0.0.7(4456)

Description A critical vulnerability has been found in the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to a stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Tenda W9 version 1.0.0.7(4456), as a temporary workaround, consider disabling the formwrlSSIDset function until a patch is available. Restrict access to the /goform/wifiSSIDset endpoint to minimize the risk of exploitation. Avoid using the argument ssidIndex in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.