CVE-2024-6962

Name of the Vulnerable Software and Affected Versions Tenda O3 version 1.0.0.10

Description A critical vulnerability was found in the function formQosSet. The manipulation of the arguments remark, ipRange, upSpeed, downSpeed, and enable leads to a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For Tenda O3 version 1.0.0.10, as a temporary workaround, consider disabling the formQosSet function until a patch is available. Restrict access to the remark, ipRange, upSpeed, downSpeed, and enable arguments in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.