CVE-2024-42949 identifies a stack-based buffer overflow vulnerability in the Tenda FH1201 router firmware version 1.2.0.14 (build 408). The vulnerability arises from improper handling of the qos parameter within the fromqossetting function. When a specially crafted POST request containing malicious qos parameter data is sent to the device, it causes a stack overflow, which leads to a denial of service (DoS) by crashing or destabilizing the router. This vulnerability is classified under CWE-121 (Stack-based Buffer Overflow). The attack vector is remote and requires no privileges or user interaction, making it accessible to unauthenticated attackers on the network. The CVSS v3.1 base score of 6.5 reflects a medium severity, with attack vector being adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). No patches or mitigations have been officially released at the time of publication, and no known exploits have been reported in the wild. The vulnerability primarily threatens network availability by causing router crashes or reboots, potentially disrupting connectivity for all devices relying on the affected router. The lack of authentication requirements and ease of exploitation increase the risk for networks where the device is exposed or accessible by untrusted users.

The primary impact of CVE-2024-42949 is denial of service, which can disrupt network connectivity for organizations using the affected Tenda FH1201 router firmware. This can lead to downtime of critical network infrastructure, affecting business operations, communications, and access to internet resources. Since the vulnerability does not compromise confidentiality or integrity, data theft or manipulation is not a direct concern. However, availability loss can have cascading effects, especially in environments relying on continuous network uptime such as small to medium enterprises, home offices, or branch networks. The ease of exploitation without authentication and user interaction means attackers can remotely trigger outages, potentially as part of larger denial-of-service campaigns or targeted attacks. The absence of known exploits in the wild reduces immediate risk but also indicates that organizations should proactively address the vulnerability before exploitation occurs. The lack of patches means affected users must rely on network-level mitigations or device replacement to maintain service continuity.

1. Immediately restrict network access to the Tenda FH1201 router’s management interfaces, especially blocking POST requests to QoS-related endpoints from untrusted or external networks. 2. Implement network segmentation to isolate the vulnerable router from critical systems and reduce exposure to potential attackers. 3. Monitor network traffic for anomalous POST requests targeting the qos parameter or unusual router behavior indicative of crashes or reboots. 4. If possible, disable QoS features temporarily to reduce attack surface until a firmware update is available. 5. Contact Tenda support or monitor official channels for firmware updates or patches addressing this vulnerability and apply them promptly once released. 6. Consider replacing the affected router with a device from a vendor with a stronger security track record if patching is delayed. 7. Employ intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect and block exploit attempts targeting this vulnerability. 8. Educate network administrators about the vulnerability and ensure incident response plans include procedures for handling router DoS events.