CVE-2024-42950 identifies a stack overflow vulnerability in the Tenda FH1201 router firmware version 1.2.0.14 (build 408). The vulnerability arises from improper handling of the Go parameter within the fromSafeClientFilter function, which processes incoming POST requests. An attacker can craft a specially designed POST request that triggers a stack overflow condition, leading to a Denial of Service (DoS) by crashing or rebooting the device. The vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, making it accessible to any attacker with network access to the device. The CVSS v3.1 base score is 7.5, reflecting high severity primarily due to the ease of exploitation and the impact on availability. The weakness is classified under CWE-400, indicating resource exhaustion or DoS conditions. Currently, no patches or mitigations have been officially released, and no public exploits have been observed in the wild. The affected device is a consumer-grade router commonly used in home and small office environments, which may be exposed to the internet or internal networks. Successful exploitation results in service disruption, potentially impacting network connectivity and dependent services.

The primary impact of CVE-2024-42950 is a Denial of Service condition on affected Tenda FH1201 routers, which can disrupt network availability for users relying on these devices. For organizations, this can lead to loss of internet connectivity, interruption of business operations, and potential cascading effects on dependent systems and services. Since the vulnerability does not affect confidentiality or integrity, data theft or manipulation is not a direct concern. However, the ease of remote exploitation without authentication increases the risk of widespread disruption, especially if attackers scan for vulnerable devices on public or private networks. In environments where these routers serve as critical network gateways, the DoS could result in significant operational downtime. Additionally, the lack of patches and public exploits may encourage attackers to develop and deploy exploits, increasing future risk. The vulnerability could also be leveraged as part of larger multi-stage attacks or to distract defenders during other malicious activities.

To mitigate CVE-2024-42950, organizations and users should first monitor Tenda’s official channels for firmware updates or patches addressing this vulnerability and apply them promptly once available. In the absence of patches, network administrators should restrict access to the router’s management interfaces by implementing firewall rules that limit incoming POST requests to trusted IP addresses only. Deploying network intrusion detection or prevention systems (IDS/IPS) with signatures or anomaly detection for unusual POST request patterns targeting the Go parameter can help detect or block exploitation attempts. Segmentation of networks to isolate vulnerable devices from untrusted networks, including the internet, reduces exposure. Regularly auditing and hardening router configurations, disabling unnecessary services, and changing default credentials further reduce attack surface. For high-risk environments, consider replacing affected devices with models that have active security support. Finally, maintaining comprehensive network monitoring and incident response capabilities will help quickly identify and respond to exploitation attempts.