CVE-2024-10281

Name of the Vulnerable Software and Affected Versions: Tenda RX9 and RX9 Pro versions 22.03.02.10 through 22.03.02.20

Description: A critical vulnerability has been found, affecting the function sub 42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to a stack-based buffer overflow. This issue can be exploited remotely by sending a specially crafted POST request, potentially allowing an attacker to cause a denial of service. The exploit has been disclosed publicly.

Recommendations: For Tenda RX9 and RX9 Pro versions 22.03.02.10 through 22.03.02.20, consider disabling the sub 42EEE0 function as a temporary workaround until a patch is available. Restrict access to the /goform/SetStaticRouteCfg file to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.