CVE-2024-28537 is a stack overflow vulnerability identified in the Tenda AC18 router firmware version V15.03.05.05. The flaw exists in the fromNatStaticSetting function, specifically in the processing of the 'page' parameter. A stack overflow occurs when the input to this parameter exceeds expected bounds, leading to memory corruption. This vulnerability is exploitable remotely over the network without requiring authentication or user interaction, making it highly accessible to attackers. Successful exploitation can result in arbitrary code execution with the privileges of the affected process, potentially allowing attackers to take full control of the router. This could enable interception or manipulation of network traffic, disruption of network services, or use of the device as a foothold for further attacks within the network. The vulnerability is classified under CWE-125 (Out-of-bounds Read), indicating improper bounds checking. The CVSS v3.1 base score of 9.8 reflects the critical nature of this vulnerability, with attack vector being network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). As of the publication date, no patches or official fixes have been released by Tenda, and no exploits have been observed in the wild. This leaves affected devices exposed to potential attacks, especially in environments where these routers are deployed in critical network roles.

The impact of CVE-2024-28537 is severe for organizations using Tenda AC18 routers. Exploitation can lead to complete compromise of the router, allowing attackers to intercept, modify, or block network traffic, which threatens confidentiality and integrity of data. The availability of network services can also be disrupted, causing operational downtime. Since the router often serves as a gateway device, attackers gaining control can pivot into internal networks, escalating risks to connected systems and sensitive data. This vulnerability could be leveraged in targeted attacks against enterprises, government agencies, or critical infrastructure relying on these routers. The lack of authentication and user interaction requirements significantly lowers the barrier for exploitation, increasing the likelihood of attacks. Additionally, compromised routers can be recruited into botnets or used to launch distributed denial-of-service (DDoS) attacks, amplifying the threat beyond the immediate victim. Organizations with remote or unmanaged Tenda AC18 devices face heightened exposure, especially if devices are internet-facing or poorly segmented.

Organizations should immediately identify and inventory all Tenda AC18 routers running firmware version V15.03.05.05 or earlier. Until an official patch is released, network administrators should restrict access to the router management interfaces by implementing network segmentation and firewall rules to limit exposure to trusted IP addresses only. Disabling remote management features and UPnP on affected devices can reduce attack surface. Monitoring network traffic for unusual activity or signs of exploitation attempts is critical. Employing intrusion detection/prevention systems (IDS/IPS) with updated signatures may help detect exploitation attempts. Where possible, replace vulnerable devices with alternative hardware from vendors with timely security updates. Engage with Tenda support channels to obtain information on forthcoming patches and apply them promptly once available. Additionally, maintain robust network segmentation to prevent lateral movement if a device is compromised. Regularly update and audit network device configurations and firmware to minimize exposure to known vulnerabilities.