CVE-2024-30604 identifies a stack overflow vulnerability in the Tenda FH1203 router firmware version 2.0.1.6. The vulnerability arises from improper handling of the 'list1' parameter in the fromDhcpListClient function, which processes DHCP client lists. A stack overflow occurs when input data exceeds the buffer capacity, overwriting adjacent memory and potentially causing the device to crash or behave unpredictably. This vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, increasing its risk profile. The CVSS v3.1 base score is 7.5, reflecting high severity primarily due to the ease of exploitation and the impact on availability. The vulnerability is classified under CWE-125 (Out-of-bounds Read), indicating that the flaw involves reading memory outside the intended buffer boundaries. Although no public exploits have been reported yet, the lack of patches and the critical nature of the flaw necessitate prompt attention. The stack overflow could lead to denial of service (DoS) conditions, disrupting network connectivity and potentially affecting dependent services. Given the nature of the device as a consumer and small business router, exploitation could impact home users, small offices, and branch networks. The absence of confidentiality or integrity impact suggests that the vulnerability does not allow data leakage or unauthorized modification but focuses on availability disruption. The technical details confirm the vulnerability was reserved and published in late March 2024, with no known mitigations or patches currently available.

The primary impact of CVE-2024-30604 is a denial of service condition caused by a stack overflow in the Tenda FH1203 router. This can lead to device crashes, network outages, and loss of connectivity for users relying on the affected routers. Organizations using these routers in critical network segments, such as small businesses or branch offices, may experience operational disruptions. The vulnerability does not compromise confidentiality or integrity, so data theft or manipulation is unlikely. However, the loss of availability can affect business continuity, remote work capabilities, and access to cloud or internal resources. The ease of remote exploitation without authentication increases the risk of automated attacks or widespread scanning by threat actors. Although no exploits are currently known in the wild, the vulnerability could be targeted in the future, especially if proof-of-concept code becomes available. The lack of patches means affected devices remain vulnerable until firmware updates are released and applied. This vulnerability could also be leveraged as part of larger attack chains, for example, to disrupt network infrastructure during broader cyber campaigns.

1. Monitor official Tenda communications and security advisories for firmware updates addressing CVE-2024-30604 and apply patches immediately upon release. 2. In the absence of patches, restrict remote access to the router’s management interfaces by implementing network segmentation and firewall rules to limit exposure to untrusted networks. 3. Disable any unnecessary services or features related to DHCP client list processing if configurable, to reduce the attack surface. 4. Employ network intrusion detection systems (NIDS) to monitor for unusual traffic patterns or attempts to exploit the 'list1' parameter remotely. 5. Consider replacing affected Tenda FH1203 routers with alternative devices from vendors with more robust security update practices if patching is delayed. 6. Educate network administrators about the vulnerability and encourage regular device inventory and firmware version audits to identify and prioritize vulnerable devices. 7. Implement network-level redundancy and failover mechanisms to mitigate the impact of potential router outages caused by exploitation. 8. Limit exposure of the router’s management interfaces to the internet or untrusted networks by using VPNs or secure management channels.