CVE-2024-41461 is a stack-based buffer overflow vulnerability identified in the Tenda FH1201 router firmware version 1.2.0.14. The vulnerability arises from improper bounds checking on the 'list1' parameter within the ip/goform/DhcpListClient endpoint. This flaw allows an unauthenticated remote attacker to send specially crafted requests that overflow the stack buffer, potentially leading to arbitrary code execution. The vulnerability is classified under CWE-787 (Out-of-bounds Write) and has a CVSS 3.1 base score of 9.8, indicating critical severity. The attack vector is network-based (AV:N), requires no privileges (PR:N), and no user interaction (UI:N), making exploitation straightforward. Successful exploitation compromises confidentiality, integrity, and availability of the device, enabling attackers to take full control, disrupt network operations, or pivot to internal networks. There are currently no patches or official mitigations released by the vendor, and no known exploits have been detected in the wild. The vulnerability affects the firmware version 1.2.0.14, but the exact range of affected versions is unspecified. Given the critical nature and the common use of Tenda routers in various regions, this vulnerability poses a significant risk to network security.

The impact of CVE-2024-41461 is severe for organizations using the Tenda FH1201 router, particularly those exposing the device's management interface to untrusted networks. Exploitation can lead to full device compromise, allowing attackers to execute arbitrary code, disrupt network connectivity, intercept or manipulate traffic, and potentially launch further attacks within the internal network. This can result in data breaches, service outages, and loss of control over critical network infrastructure. The vulnerability's ease of exploitation and lack of required authentication increase the likelihood of automated attacks once exploit code becomes available. Organizations relying on this router model in enterprise, SMB, or ISP environments face heightened risk, especially if devices are deployed in perimeter or sensitive network segments. The absence of patches exacerbates the threat, making mitigation and detection critical to prevent exploitation.

Given the absence of official patches, organizations should implement immediate compensating controls. First, restrict access to the router's management interface by limiting it to trusted internal networks and disabling remote management if enabled. Employ network segmentation and firewall rules to block unauthorized traffic to the ip/goform/DhcpListClient endpoint. Monitor network traffic for anomalous requests targeting the 'list1' parameter or unusual HTTP POST activity to the vulnerable endpoint. Consider deploying intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect exploitation attempts. Where possible, replace or upgrade affected devices to models or firmware versions not impacted by this vulnerability once available. Regularly check vendor advisories for patches or updates. Additionally, conduct internal audits to identify all Tenda FH1201 devices and assess exposure. Educate network administrators about the vulnerability and signs of compromise to enhance detection and response capabilities.