CVE-2024-57579

Name of the Vulnerable Software and Affected Versions Tenda AC18 version V15.03.05.19

Description The issue is related to a stack overflow in the formSetClientState function when handling the limitSpeedUp parameter. This can be exploited by a remote attacker to cause a denial of service or execute arbitrary code using a specially crafted POST request to the /formSetClientState endpoint, which is not explicitly mentioned but implied through the function name. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations For Tenda AC18 version V15.03.05.19, as a temporary workaround, consider disabling the formSetClientState function until a patch is available. Restrict access to the limitSpeedUp parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.