PT-2024-8524 · Tenda · Tenda Ac1206

Physicszq · Published 2024-10-28 · Updated 2024-11-01 · CVE-2024-10434

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tenda AC1206 versions up to 20241027

Description

The issue is related to a stack-based buffer overflow in the ate_Tenda_mfg_check_usb() and ate_Tenda_mfg_check_usb3() functions, located in the /goform/ate file of the Tenda AC1206 router's firmware. This occurs when the arg parameter is manipulated, allowing a remote attacker to potentially execute arbitrary code or cause a denial of service.

Recommendations

For Tenda AC1206 versions up to 20241027, as a temporary workaround, consider disabling the ate_Tenda_mfg_check_usb() and ate_Tenda_mfg_check_usb3() functions until a patch is available. Restrict access to the /goform/ate endpoint to minimize the risk of exploitation. Avoid using the arg parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-10084
CVE-2024-10434

Affected Products

Tenda Ac1206