CVE-2024-50667

Name of the Vulnerable Software and Affected Versions: Trendnet TEW-820AP version 1.01.B01

Description: The issue is related to a stack overflow vulnerability in the boa httpd. Specifically, the vulnerability is found in the /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, and /boafrm/formDnsv6 API endpoints. The reason for this vulnerability is that the check of ipv6 address is not sufficient, allowing attackers to construct payloads for attacks.

Recommendations: For Trendnet TEW-820AP version 1.01.B01, as a temporary workaround, consider restricting access to the /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, and /boafrm/formDnsv6 API endpoints until a patch is available. Avoid using these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.