CVE-2024-33217

Name of the Vulnerable Software and Affected Versions Tenda FH1206 version 1.2.0.8(8155) EN

Description The issue is related to a stack-based buffer overflow vulnerability. It occurs via the page parameter in the "ip/goform/addressNat" endpoint. Exploitation of this issue may allow a remote attacker to cause a denial of service or execute arbitrary code by sending a specially crafted POST request. The vulnerability is associated with the fromAddressNat function.

Recommendations For Tenda FH1206 version 1.2.0.8(8155) EN, as a temporary workaround, consider disabling the fromAddressNat function or restricting access to the "ip/goform/addressNat" endpoint until a patch is available. Avoid using the page parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.