CVE-2024-30622: n/a
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function.
AI Analysis
Technical Summary
CVE-2024-30622 identifies a critical stack overflow vulnerability in the Tenda FH1205 router, specifically in firmware version 2.0.0.7(775). The vulnerability arises from improper handling of the mitInterface parameter in the fromAddressNat function, which leads to a stack-based buffer overflow (CWE-121). This flaw can be triggered remotely without any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). Exploiting this vulnerability allows attackers to execute arbitrary code with the privileges of the affected device, potentially leading to full system compromise. The impact spans confidentiality, integrity, and availability, as attackers could intercept or manipulate network traffic, disrupt services, or use the device as a foothold for further network intrusion. Although no patches or official fixes have been released yet, the vulnerability has been publicly disclosed, increasing the risk of exploitation. The lack of known exploits in the wild suggests that active exploitation campaigns have not been observed, but the critical severity and ease of exploitation warrant immediate attention. The vulnerability affects a widely used consumer-grade router, which is often deployed in home and small office environments, making it a significant risk vector for both individual users and organizations relying on these devices for network connectivity.
Potential Impact
The vulnerability allows remote attackers to execute arbitrary code on affected Tenda FH1205 routers without authentication, leading to complete compromise of the device. This can result in interception or manipulation of network traffic, disruption of internet connectivity, and potential lateral movement within internal networks. Organizations relying on these routers may face data breaches, loss of service availability, and unauthorized access to sensitive information. The critical severity and remote exploitability increase the likelihood of widespread attacks once exploit code becomes available. Additionally, compromised routers can be leveraged as part of botnets or for launching further attacks, amplifying the threat to global network infrastructure. The absence of patches exacerbates the risk, especially for users unaware of the vulnerability or unable to replace affected hardware promptly.
Mitigation Recommendations
Until an official patch or firmware update is released, affected users and organizations should implement the following mitigations:
1) Disable remote management interfaces on the Tenda FH1205 router to prevent external exploitation attempts.
2) Segment the network to isolate the router from critical systems and sensitive data, limiting potential lateral movement.
3) Monitor network traffic for unusual patterns or signs of exploitation attempts targeting the mitInterface parameter or related NAT functions.
4) Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect potential exploitation attempts.
5) Consider replacing the affected router with a device from a vendor with a strong security track record and timely patch management.
6) Educate users about the risks and encourage regular firmware checks for updates.
7) If feasible, restrict inbound traffic to the router to trusted IP addresses only.
These steps provide layered defense to reduce exposure while awaiting a vendor patch.
Affected Countries
China, India, Russia, Brazil, United States, Indonesia, Vietnam, Thailand, Mexico, South Africa
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-03-27T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6dc4b7ef31ef0b58de77
Added to database: 2/25/2026, 9:46:44 PM
Last enriched: 2/26/2026, 12:13:05 PM
Last updated: 4/12/2026, 3:40:55 PM