PT-2024-5190 · Tenda · Tenda Fh1206

Published: 2024-05-10 · Updated: 2024-08-15 · CVE-2024-34944

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 1.2.0.8(8155) EN
Description: The issue is related to a stack-based buffer overflow via the list1 parameter at the "ip/goform/DhcpListClient" endpoint. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with the fromDhcpListClient function and involves reading data beyond the buffer boundaries in memory.
Recommendations: For Tenda FH1206 version 1.2.0.8(8155) EN, consider restricting access to the "ip/goform/DhcpListClient" endpoint to minimize the risk of exploitation. Avoid using the list1 parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-05746
CVE-2024-34944

Affected Products

Tenda Fh1206