CVE-2024-33215

Name of the Vulnerable Software and Affected Versions Tenda FH1206 version 1.2.0.8(8155) EN

Description The issue is related to a stack-based buffer overflow vulnerability in the fromAddressNat function, specifically via the mitInterface parameter in the ip/goform/addressNat endpoint. This vulnerability can be exploited by sending a specially crafted POST request, potentially allowing a remote attacker to cause a denial of service or execute arbitrary code.

Recommendations For Tenda FH1206 version 1.2.0.8(8155) EN, as a temporary workaround, consider restricting access to the ip/goform/addressNat endpoint until a patch is available. Avoid using the mitInterface parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.