CVE-2024-30623 identifies a stack overflow vulnerability in the Tenda FH1205 router firmware version 2.0.0.7(775). The vulnerability resides in the handling of the page parameter within the fromDhcpListClient function. A stack overflow occurs when this parameter is improperly processed, potentially allowing an attacker to crash the device remotely. The vulnerability does not require any privileges or user interaction, and the attack vector is remote, likely via the router’s web interface or network services exposed to an attacker. The CVSS v3.1 score is 6.5, reflecting a medium severity primarily due to the impact on availability (denial of service) without affecting confidentiality or integrity. The CWE classification is CWE-121, indicating a classic stack-based buffer overflow. No patches or known exploits are currently available, but the flaw could be leveraged to disrupt network connectivity by causing router crashes. The vulnerability’s scope is limited to the affected firmware version on Tenda FH1205 devices, which are consumer-grade routers commonly used in home and small office environments.

The primary impact of this vulnerability is denial of service, as exploitation causes the router to crash, disrupting network availability. This can lead to loss of internet connectivity for users relying on the affected device, impacting business operations and personal communications. While confidentiality and integrity are not directly compromised, the loss of availability can indirectly affect organizational productivity and user experience. In environments where these routers serve as critical network gateways, the disruption could have cascading effects on connected systems. Since no authentication or user interaction is required, attackers can remotely trigger the vulnerability, increasing the risk of automated or widespread attacks. However, the lack of known exploits and the medium severity score suggest that the threat is currently moderate but warrants attention to prevent future exploitation.

To mitigate this vulnerability, organizations and users should immediately restrict remote access to the Tenda FH1205 router’s management interfaces, especially from untrusted networks. Disabling remote web management or limiting it to trusted IP addresses reduces exposure. Network segmentation can isolate the router from critical systems to minimize impact if exploited. Monitoring router logs and network traffic for unusual activity may help detect exploitation attempts. Since no official patch is currently available, users should regularly check Tenda’s support channels for firmware updates addressing this issue. As a temporary measure, rebooting the device after suspected crashes can restore service, but this does not prevent exploitation. For environments requiring high availability, consider replacing affected devices with models from vendors with timely security updates. Additionally, educating users about the risks of exposing router management interfaces to the internet is crucial.