CVE-2024-42986 identifies a stack overflow vulnerability in the Tenda FH1206 router firmware version v02.03.01.35. The vulnerability arises from improper handling of the PPPOEPassword parameter within the fromAdvSetWan function. When a specially crafted POST request containing malicious input in this parameter is sent to the device, it triggers a stack overflow condition. This overflow can corrupt the execution stack, leading to a crash or reboot of the router, effectively causing a Denial of Service (DoS). The vulnerability is remotely exploitable without requiring any authentication or user interaction, increasing its risk profile. The Common Weakness Enumeration (CWE) associated is CWE-787, which relates to out-of-bounds writes, a common cause of stack overflows. The CVSS v3.1 base score is 7.5, reflecting high severity due to network attack vector, low attack complexity, no privileges required, and no user interaction needed. While no exploits have been observed in the wild, the vulnerability could be leveraged by attackers to disrupt network connectivity for affected users. The lack of available patches means that mitigation currently relies on network defenses and monitoring for suspicious POST requests targeting the vulnerable parameter.

The primary impact of CVE-2024-42986 is a Denial of Service condition on affected Tenda FH1206 routers. This can disrupt internet connectivity for individuals and organizations relying on these devices, potentially affecting business operations, remote work, and critical communications. In environments where these routers serve as gateways or are part of larger network infrastructures, the DoS could cascade, impacting multiple users or services. The vulnerability does not directly compromise confidentiality or integrity but severely affects availability. Given the ease of exploitation without authentication, attackers can remotely target vulnerable devices en masse, possibly leading to widespread outages. This could be particularly damaging for small businesses, home offices, and regions where Tenda devices are prevalent and alternative connectivity options are limited. Additionally, disruption of network services could indirectly facilitate other attacks by creating distractions or forcing users to connect through less secure fallback methods.

Since no official patches are currently available for this vulnerability, organizations should implement the following specific mitigations: 1) Restrict access to the router’s management interface by limiting exposure to trusted internal networks only, blocking WAN-side access to administrative endpoints. 2) Deploy network-level intrusion detection or prevention systems (IDS/IPS) configured to detect and block anomalous POST requests targeting the PPPOEPassword parameter or unusual traffic patterns to the router’s web management interface. 3) Monitor router logs and network traffic for signs of repeated malformed POST requests or crashes indicative of exploitation attempts. 4) Where possible, replace or upgrade affected Tenda FH1206 devices to models with updated firmware or from vendors with timely security support. 5) Educate users about the risks of exposing router management interfaces to the internet and encourage strong network segmentation practices. 6) Maintain regular backups of router configurations to enable rapid recovery if a device is forced offline. These steps will reduce the attack surface and improve detection until a firmware update is released.