CVE-2024-30636 is a stack-based buffer overflow vulnerability identified in the Tenda F1202 router firmware version 1.2.0.20(408). The flaw exists in the formQuickIndex function, specifically when processing the PPPOEPassword parameter. An attacker can exploit this vulnerability remotely without authentication or user interaction by sending a specially crafted request containing an overly long PPPOEPassword value. This causes a stack overflow condition (classified under CWE-121), which can lead to a denial of service (DoS) by crashing the router or potentially triggering undefined behavior. The vulnerability does not impact confidentiality or integrity, as it does not allow code execution or data leakage based on current information. The CVSS v3.1 base score is 6.5, with attack vector being adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality or integrity impact (C:N/I:N), and high availability impact (A:H). No patches or known exploits are currently available, and the vulnerability was published on March 29, 2024. Given the nature of the flaw, exploitation could disrupt network connectivity for affected users, impacting business continuity and network reliability.

The primary impact of CVE-2024-30636 is denial of service through router crashes, which can disrupt internet connectivity and network availability for individuals and organizations relying on Tenda F1202 routers. This can affect home users, small businesses, and potentially larger organizations if these devices are used in branch or remote office networks. The lack of confidentiality or integrity impact limits the risk of data breaches or unauthorized data modification. However, availability disruption can lead to operational downtime, loss of productivity, and potential secondary impacts such as inability to access critical services or perform remote work. Since no authentication is required, attackers within the adjacent network (e.g., local LAN or ISP network segment) can exploit this vulnerability, increasing risk in shared or public network environments. The absence of known exploits reduces immediate risk but also means organizations should proactively prepare for potential future attacks.

1. Monitor Tenda's official channels for firmware updates addressing this vulnerability and apply patches promptly once available. 2. Restrict remote management interfaces and disable unnecessary services on Tenda F1202 routers to reduce attack surface. 3. Implement network segmentation to isolate vulnerable devices from critical infrastructure and sensitive data. 4. Use intrusion detection/prevention systems (IDS/IPS) to monitor for anomalous traffic patterns or malformed requests targeting the PPPOEPassword parameter. 5. Regularly audit router configurations and logs for signs of crashes or suspicious activity. 6. Consider replacing affected routers with models from vendors with stronger security track records if patching is delayed. 7. Educate network administrators about this vulnerability and encourage rapid incident response to any detected exploitation attempts. 8. Limit physical and network access to the router to trusted personnel and devices only.