CVE-2024-11745

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version 16.03.34.09

Description: A critical issue affects the route static check function of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. The vulnerability may allow a remote attacker to impact the confidentiality, integrity, and availability of data.

Recommendations: For Tenda AC8 version 16.03.34.09, as a temporary workaround, consider disabling the route static check function until a patch is available. Restrict access to the /goform/SetStaticRouteCfg file to minimize the risk of exploitation. Avoid using the affected function in the SetStaticRouteCfg configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.