CVE-2024-30585 identifies a stack overflow vulnerability in the Tenda FH1202 router firmware version 1.2.0.14(408). The vulnerability is located in the saveParentControlInfo function, specifically in the handling of the deviceId parameter. A stack overflow occurs when the input to this parameter exceeds the buffer size allocated on the stack, leading to memory corruption. This type of vulnerability is classified under CWE-121 (Stack-based Buffer Overflow). The flaw can be triggered remotely over the network without requiring any authentication or user interaction, making it accessible to unauthenticated attackers. Exploitation of this vulnerability does not compromise confidentiality or integrity but results in a denial of service (DoS) condition by crashing or rebooting the device, thereby disrupting network availability. The CVSS v3.1 base score is 6.5, reflecting medium severity with attack vector as adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and impact limited to availability (A:H). No public exploits or patches are currently available, indicating the need for vigilance and proactive mitigation. The affected product is a consumer or small office router, commonly deployed in various regions, especially in Asia and some European markets. The vulnerability highlights the risks of insufficient input validation in embedded device firmware, which can be leveraged to disrupt network infrastructure.

The primary impact of CVE-2024-30585 is a denial of service condition on affected Tenda FH1202 routers. Organizations using these routers may experience unexpected device crashes or reboots, leading to network outages or degraded connectivity. This can disrupt business operations, especially in environments where these routers serve as critical network gateways or access points. Since the vulnerability does not affect confidentiality or integrity, data theft or manipulation is unlikely. However, the loss of availability can impact productivity, remote access, VoIP services, and other network-dependent functions. The ease of exploitation without authentication or user interaction increases the risk of automated attacks or wormable scenarios within the local network or adjacent network segments. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once the vulnerability details are public. Organizations with limited network segmentation or exposure of router management interfaces to untrusted networks are particularly vulnerable. The impact is more pronounced in small to medium enterprises and home networks relying on this specific router model without alternative redundancy.

1. Monitor the vendor’s official channels for firmware updates or patches addressing CVE-2024-30585 and apply them promptly once available. 2. Restrict access to the router’s management interface by limiting it to trusted internal networks and disabling remote management features if not required. 3. Implement network segmentation to isolate critical systems from devices running vulnerable firmware, reducing the attack surface. 4. Employ network intrusion detection or prevention systems (IDS/IPS) to monitor for anomalous traffic patterns targeting the saveParentControlInfo function or suspicious deviceId parameter inputs. 5. Regularly audit and update router configurations to follow security best practices, including strong administrative credentials and disabling unnecessary services. 6. Consider replacing affected devices with models from vendors with a stronger security track record if patches are delayed or unavailable. 7. Educate network administrators about the risks of buffer overflow vulnerabilities and the importance of timely patch management. 8. Use network access control (NAC) solutions to prevent unauthorized devices from connecting to sensitive network segments where vulnerable routers operate.