CVE-2024-28547 identifies a stack overflow vulnerability in the Tenda AC18 router firmware version V15.03.05.05. The vulnerability resides in the formSetFirewallCfg function, which processes the firewallEn parameter. A stack overflow occurs when this parameter is improperly handled, allowing an attacker with network access to send specially crafted requests that overflow the stack. This can cause the device to crash or reboot, resulting in denial of service (DoS). The vulnerability does not require any privileges or user interaction, making it remotely exploitable by unauthenticated attackers within the network. The CVSS 3.1 base score is 6.5, reflecting medium severity, with attack vector as adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and impact limited to availability (A:H) without affecting confidentiality or integrity. The weakness is classified under CWE-121 (Stack-based Buffer Overflow). Currently, no public exploits or patches are available, indicating the vulnerability is newly disclosed and unmitigated. This flaw could be leveraged to disrupt network operations by causing router downtime, impacting network availability for connected users and services.

The primary impact of CVE-2024-28547 is denial of service (DoS) against Tenda AC18 routers running vulnerable firmware. Successful exploitation can cause the device to crash or reboot, interrupting network connectivity for all devices relying on the router. This can disrupt business operations, especially in environments where the router serves as a critical network gateway or firewall. Since the vulnerability does not affect confidentiality or integrity, data theft or manipulation is not a direct concern. However, the loss of availability can impact productivity, VoIP communications, and access to cloud or internal resources. Organizations with large deployments of Tenda AC18 routers, particularly in small to medium enterprises or home office environments, may experience widespread network outages if targeted. The lack of authentication requirements and user interaction lowers the barrier for attackers within the local network or adjacent networks, increasing the risk of opportunistic attacks. Although no known exploits exist yet, the vulnerability’s disclosure may prompt attackers to develop exploits, raising future risk.

To mitigate CVE-2024-28547, organizations should first restrict access to the router’s management interfaces to trusted networks only, ideally via VLAN segmentation or firewall rules that block unauthorized access. Network administrators should monitor for firmware updates from Tenda and apply patches promptly once released. In the absence of patches, consider temporarily disabling remote management features or restricting configuration changes to prevent exploitation of the vulnerable function. Employ network intrusion detection systems (NIDS) to monitor for anomalous traffic patterns targeting the firewall configuration endpoints. Regularly audit router configurations and logs for signs of suspicious activity. For critical environments, consider deploying redundant network paths or failover devices to maintain availability in case of router failure. Educate users and administrators about the vulnerability and the importance of timely updates. Finally, maintain an inventory of affected devices to prioritize remediation efforts effectively.