CVE-2024-42941 is a stack-based buffer overflow vulnerability identified in the Tenda FH1201 router firmware version 1.2.0.14 (build 408). The vulnerability resides in the fromAdvSetWan function, which processes the wanmode parameter received via HTTP POST requests. Improper handling of this parameter allows an attacker to overflow the stack, leading to memory corruption. This can cause the router to crash or reboot unexpectedly, resulting in a Denial of Service (DoS). The vulnerability can be exploited remotely without authentication or user interaction, as the affected function is accessible over the WAN interface. The weakness is classified under CWE-121 (Stack-based Buffer Overflow). The CVSS v3.1 score of 7.5 indicates a high severity level, primarily due to the network attack vector, low attack complexity, and the complete loss of availability upon successful exploitation. No patches or official fixes have been published at the time of disclosure, and no active exploits have been observed in the wild. However, the vulnerability poses a significant threat to network stability and availability for users of the affected router model.

The primary impact of CVE-2024-42941 is the disruption of network services due to Denial of Service conditions caused by router crashes or reboots. Organizations relying on Tenda FH1201 routers for internet connectivity or network routing may experience intermittent or prolonged outages, affecting business operations, communications, and access to critical resources. The vulnerability does not compromise confidentiality or integrity directly but can indirectly affect operational continuity. In environments where network availability is critical, such as small to medium enterprises, branch offices, or home offices using this router, the impact can be significant. Additionally, attackers could leverage this DoS condition as part of a larger attack strategy, such as distracting defenders or creating network instability. The lack of authentication requirement and remote exploitability increase the risk of widespread exploitation, especially if automated scanning tools identify vulnerable devices.

1. Immediate mitigation involves restricting WAN-side access to the router's management interface to trusted IP addresses or disabling remote management if not required. 2. Network administrators should implement firewall rules to block unsolicited POST requests targeting the vulnerable endpoint or parameter. 3. Monitor network traffic for unusual POST requests containing abnormal or oversized wanmode parameters. 4. Segregate vulnerable devices on isolated network segments to limit exposure. 5. Regularly check for firmware updates or security advisories from Tenda and apply patches promptly once available. 6. Consider replacing affected routers with models from vendors with a strong security track record if timely patches are not provided. 7. Employ network intrusion detection systems (NIDS) with signatures or heuristics to detect exploitation attempts targeting this vulnerability. 8. Educate network personnel about this vulnerability to ensure rapid response to any signs of exploitation.