Tianwenqi

**Name of the Vulnerable Software and Affected Versions** Tenda AC8 version 16.03.34.06 cn TDC01 **Description** A critical vulnerability was found in the function `formSetDeviceName()`, which leads to a stack-based buffer overflow. This issue can be exploited remotely, potentially allowing an attacker to execute arbitrary code, elevate privileges, or cause a denial of service by sending a specially crafted data packet. The exploit has been disclosed to the public. **Recommendations** As a temporary workaround, consider disabling the `formSetDeviceName()` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC6 US AC6V1.0BR V15.03.05.19 **Description** A critical vulnerability was found in the function `fromDhcpListClient`, which leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This issue may allow an attacker to cause a denial of service or execute arbitrary code. **Recommendations** For Tenda AC6 US AC6V1.0BR V15.03.05.19, as a temporary workaround, consider disabling the `fromDhcpListClient` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.