CVE-2024-30594 identifies a stack-based buffer overflow vulnerability in the Tenda FH1202 router firmware version 1.2.0.14(408). The vulnerability resides specifically in the addWifiMacFilter function, which processes the deviceMac parameter. Improper bounds checking or validation of this parameter allows an attacker with access to the network interface to send specially crafted requests that overflow the stack buffer. This overflow can lead to a denial of service condition by crashing the device or potentially enable more advanced exploitation techniques, although no such exploits are currently known. The vulnerability does not require authentication (PR:N) or user interaction (UI:N), but the attacker must have network access (AV:A), meaning remote exploitation is limited to local or VPN-connected attackers. The CVSS v3.1 base score is 6.5, reflecting medium severity primarily due to the impact on availability (A:H) without affecting confidentiality or integrity. The weakness is classified under CWE-121 (Stack-based Buffer Overflow), a common and well-understood vulnerability type. No official patches or fixes have been released as of the publication date, and no exploits have been observed in the wild. This vulnerability highlights the importance of secure input validation in embedded device firmware, particularly in network-facing functions that manage MAC filtering.

The primary impact of CVE-2024-30594 is a denial of service condition caused by a stack overflow crash in the affected Tenda FH1202 routers. This can disrupt network connectivity for users relying on the device, potentially affecting business operations or home network availability. Since the vulnerability does not compromise confidentiality or integrity, data theft or manipulation is unlikely. However, loss of availability can be critical in environments where continuous network access is essential, such as small businesses, remote offices, or IoT deployments. The requirement for network-level access limits exploitation to attackers who have already penetrated the local network or gained VPN access, reducing the risk of widespread remote attacks. Nevertheless, in poorly segmented networks or where these routers are exposed to untrusted networks, the risk increases. The lack of known exploits in the wild suggests limited current threat activity, but the absence of patches means the vulnerability remains exploitable. Organizations using this device should consider the potential for service disruption and plan accordingly.

1. Restrict network access to the router’s management interfaces by implementing strict firewall rules and network segmentation to limit exposure to trusted users only. 2. Disable or limit remote management features, especially over WAN or untrusted networks, to reduce the attack surface. 3. Monitor network traffic and device logs for unusual activity or repeated malformed requests targeting MAC filter configuration functions. 4. Regularly check for firmware updates from Tenda and apply patches promptly once available to remediate the vulnerability. 5. Consider replacing affected devices with models from vendors with a stronger security track record if patching is delayed or unavailable. 6. Employ network intrusion detection systems (NIDS) that can identify anomalous packets or malformed requests indicative of exploitation attempts. 7. Educate network administrators about the risks of local network attacks and the importance of secure device configuration and access controls.