Aixiao0621

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 **Description** A stack overflow issue was discovered via the `schedEndTime` parameter in the `setSchedWifi` function. This issue can be exploited, potentially allowing attackers to execute arbitrary code. **Recommendations** For Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01, as a temporary workaround, consider restricting access to the `setSchedWifi` function until a patch is available. Avoid using the `schedEndTime` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 **Description** A stack overflow issue was discovered via the `timeZone` parameter in the `fromSetSysTime` function. This issue can be exploited, potentially leading to unauthorized access or control. **Recommendations** For Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01, consider disabling the `fromSetSysTime` function or restricting access to the `timeZone` parameter until a patch is available. As a temporary workaround, avoid using the `timeZone` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 **Description** A stack overflow issue was discovered via the `domain` parameter in the `add white node` function. This issue can be exploited, potentially leading to security breaches. **Recommendations** For Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01, consider disabling the `add white node` function until a patch is available to prevent potential exploitation via the `domain` parameter. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 **Description** A stack overflow issue was discovered via the `security` parameter in the `formWifiBasicSet` function. This issue can be exploited, potentially leading to unauthorized access or control. **Recommendations** For Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01, consider disabling the `formWifiBasicSet` function until a patch is available to prevent potential exploitation via the `security` parameter.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 **Description** A stack overflow issue was discovered via the `speed dir` parameter in the `formSetSpeedWan` function. This allows for potential exploitation. **Recommendations** For Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01, consider disabling the `formSetSpeedWan` function as a temporary workaround until a patch is available. Restrict access to the `speed dir` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 **Description** A stack overflow issue was discovered via the `ssid` parameter in the `form fast setting wifi set` function. This issue can be exploited, potentially leading to unauthorized access or control. **Recommendations** For Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01, consider disabling the `form fast setting wifi set` function until a patch is available to prevent exploitation via the `ssid` parameter. Restrict access to the WiFi settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 **Description** The issue is related to a stack overflow in the `addWifiMacFilter` function, specifically via the `deviceId` parameter. This can potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01, consider disabling the `addWifiMacFilter` function until a patch is available to prevent exploitation via the `deviceId` parameter. Restrict access to this function to minimize the risk of remote attackers leveraging the stack overflow vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 **Description** The issue is related to multiple stack overflows in the `formSetMacFilterCfg` function, which can be exploited via the `macFilterType` and `deviceList` parameters. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01, consider disabling the `formSetMacFilterCfg` function until a patch is available. Restrict access to the parameters `macFilterType` and `deviceList` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 **Description** The issue is related to a stack overflow via the `formSetClientState` function, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. This is a result of a buffer overflow in the memory. **Recommendations** For Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01, as a temporary workaround, consider disabling the `formSetClientState` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01 **Description** The issue is related to a stack overflow in the `GetParentControlInfo()` function when handling the `mac` parameter. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Tenda AC10U version 1.0 US AC10UV1.0RTL V15.03.06.49 multi TDE01, consider disabling the `GetParentControlInfo()` function as a temporary workaround until a patch is available. Restrict access to the `mac` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version US AC10UV1.0RTL V15.03.06.49 multi TDE01 **Description** A stack overflow issue was discovered in the `fromSetIpMacBind` function, related to the `list` parameter. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** As a temporary workaround, consider disabling the `fromSetIpMacBind` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.