CVE-2024-50854

Name of the Vulnerable Software and Affected Versions Tenda G3 version 3.0 v15.11.0.20

Description The issue is related to a stack overflow in the formSetPortMapping function, which can be exploited to execute arbitrary code or cause a denial of service. The vulnerability is associated with a buffer overflow when processing parameters pPortMapIndex, pLanIP, pProtocl, and pWanid. This can be exploited by a remote attacker.

Recommendations For Tenda G3 version 3.0 v15.11.0.20, consider disabling the formSetPortMapping function until a patch is available to prevent potential exploitation. Restrict access to the vulnerable function to minimize the risk of arbitrary code execution or denial of service. Avoid using the parameters pPortMapIndex, pLanIP, pProtocl, and pWanid in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.