CVE-2024-8228

Name of the Vulnerable Software and Affected Versions Tenda O5 version 1.0.0.8(5017)

Description The issue is related to a stack-based buffer overflow in the fromSafeSetMacFilter function of the /goform/setMacFilterList file. This can be exploited remotely, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The manipulation of the remark, type, or time arguments leads to the buffer overflow. The exploit has been disclosed publicly, and the vendor was contacted but did not respond.

Recommendations As a temporary workaround, consider disabling the fromSafeSetMacFilter function until a patch is available. Restrict access to the /goform/setMacFilterList file to minimize the risk of exploitation. Avoid using the remark, type, or time arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.