The vulnerability identified as CVE-2024-42943 affects the Tenda FH1201 router firmware version 1.2.0.14 (build 408). It is a stack overflow vulnerability triggered by the PPPOEPassword parameter within the fromAdvSetWan function. This function likely handles WAN configuration settings related to PPPoE connections. By sending a specially crafted POST request containing malicious input in the PPPOEPassword field, an attacker can overflow the stack, leading to memory corruption and ultimately causing the device to crash or reboot, resulting in a Denial of Service (DoS). The vulnerability requires no authentication or user interaction, making it remotely exploitable by any attacker with network access to the device’s management interface or WAN-facing services. The CVSS v3.1 base score is 7.5, reflecting high severity due to network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact is limited to availability, with no confidentiality or integrity loss reported. No patches or firmware updates have been published yet, and no exploits have been observed in the wild. The underlying weakness corresponds to CWE-400 (Uncontrolled Resource Consumption), indicating that the stack overflow can cause resource exhaustion and service disruption. This vulnerability highlights the risks of insufficient input validation in router firmware, especially in WAN configuration interfaces.

The primary impact of CVE-2024-42943 is the disruption of network availability due to a Denial of Service condition on affected Tenda FH1201 routers. Organizations relying on these devices for WAN connectivity or network routing may experience intermittent or prolonged outages, affecting business operations, communications, and internet access. This can be particularly damaging for small to medium enterprises or home users who depend on these routers for critical connectivity. The vulnerability could be exploited by attackers to disrupt services remotely without needing credentials or user interaction, increasing the risk of widespread impact if targeted in automated attacks. Although no data confidentiality or integrity compromise is indicated, the loss of availability can indirectly affect organizational productivity and security monitoring. The absence of patches means that affected networks remain vulnerable until mitigations or firmware updates are provided. Additionally, if attackers combine this DoS with other attack vectors, it could facilitate further exploitation or network reconnaissance.

1. Immediately restrict access to the router’s management interfaces, especially from the WAN side, by implementing firewall rules or access control lists (ACLs) to limit incoming traffic to trusted IP addresses. 2. Disable remote management features if not required, or move management interfaces to isolated management VLANs or networks. 3. Monitor network traffic for unusual POST requests targeting the fromAdvSetWan function or containing suspicious PPPOEPassword parameter values, using intrusion detection/prevention systems (IDS/IPS) or network monitoring tools. 4. Regularly audit router configurations and logs for signs of attempted exploitation or crashes. 5. Contact Tenda support or check official channels frequently for firmware updates or patches addressing this vulnerability. 6. Consider deploying alternative or backup network devices to maintain connectivity in case of DoS events. 7. Educate network administrators about this vulnerability and ensure incident response plans include steps for mitigating router DoS attacks. 8. If feasible, implement network segmentation to isolate vulnerable devices from critical infrastructure.