CVE-2024-7613

Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 1.2.0.8(8155)

Description: A critical issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to a buffer overflow. This can be exploited remotely, allowing an attacker to execute arbitrary commands or cause a denial of service.

Recommendations: For Tenda FH1206 version 1.2.0.8(8155), as a temporary workaround, consider disabling the fromGstDhcpSetSer function until a patch is available. Restrict access to the /goform/GstDhcpSetSer endpoint to minimize the risk of exploitation. Avoid using the dips argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.