CVE-2024-4020

Name of the Vulnerable Software and Affected Versions Tenda FH1206 version 1.2.0.8(8155)

Description A critical issue affects the fromAddressNat function of the /goform/addressNat file, where the manipulation of the entrys argument leads to a buffer overflow. This can be exploited remotely, potentially allowing an attacker to execute arbitrary code or cause a denial of service.

Recommendations For Tenda FH1206 version 1.2.0.8(8155), as a temporary workaround, consider disabling the fromAddressNat function until a patch is available. Restrict access to the /goform/addressNat file to minimize the risk of exploitation. Avoid using the entrys argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.