PT-2024-8355 · Tenda · Tenda Ac10

Hand_King · Published 2024-10-11 · Updated 2024-11-15 · CVE-2024-11061

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Tenda AC10 version 16.03.10.13

Description

A critical vulnerability was found in the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information by sending a specially crafted POST request.

Recommendations

For Tenda AC10 version 16.03.10.13, update to the latest firmware available to mitigate risks. As a temporary workaround, consider restricting access to the vulnerable function FUN_0044db3c or the file /goform/fast_setting_wifi_set to minimize the risk of exploitation. Avoid using the parameter timeZone in the affected API endpoint until the issue is resolved.

Exploit

Fix

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-09914
CVE-2024-11061

Affected Products

Tenda Ac10