CVE-2024-8227

Name of the Vulnerable Software and Affected Versions Tenda O1 version 1.0.0.7(10648)

Description A critical issue affects the fromDhcpSetSer function of the file /goform/DhcpSetSer, allowing a remote attacker to exploit a stack-based buffer overflow vulnerability. The manipulation of the arguments dhcpStartIp, dhcpEndIp, dhcpGw, dhcpMask, dhcpLeaseTime, dhcpDns1, and dhcpDns2 leads to this issue. The exploit has been disclosed to the public and may be used. The attack may be launched remotely.

Recommendations As a temporary workaround, consider disabling the fromDhcpSetSer function until a patch is available. Restrict access to the /goform/DhcpSetSer file to minimize the risk of exploitation. Avoid using the parameters dhcpStartIp, dhcpEndIp, dhcpGw, dhcpMask, dhcpLeaseTime, dhcpDns1, and dhcpDns2 in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.