CVE-2024-7152

Name of the Vulnerable Software and Affected Versions Tenda O3 version 1.0.0.10(2478)

Description A critical issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Tenda O3 version 1.0.0.10(2478), as a temporary workaround, consider disabling the fromSafeSetMacFilter function until a patch is available. Restrict access to the /goform/setMacFilterList endpoint to minimize the risk of exploitation. Avoid using the time argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.