CVE-2018-14492

Name of the Vulnerable Software and Affected Versions Tenda AC7 versions through V15.03.06.44 CN Tenda AC9 versions through V15.03.05.19(6318) CN Tenda AC10 versions through V15.03.06.23 CN

Description The issue is related to a Stack-based Buffer Overflow that can be triggered by sending a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.

Recommendations For Tenda AC7 versions through V15.03.06.44 CN, avoid using the limitSpeed or limitSpeedup parameters in the affected API endpoint until the issue is resolved. For Tenda AC9 versions through V15.03.05.19(6318) CN, restrict access to the /goform URI to minimize the risk of exploitation. For Tenda AC10 versions through V15.03.06.23 CN, consider disabling the functionality that processes the limitSpeed and limitSpeedup parameters until a patch is available.