CVE-2019-16412

Name of the Vulnerable Software and Affected Versions Tenda N301 wireless routers (affected versions not specified)

Description The issue allows attackers to trigger a device crash by setting a zero wanMTU value in the goform/setSysTools endpoint. Although the GUI enforces a prohibition on this zero value, it is not properly enforced, making the device vulnerable to crashes.

Recommendations For Tenda N301 wireless routers, avoid using a zero value for the wanMTU variable in the "goform/setSysTools" endpoint to prevent device crashes. As a temporary workaround, consider restricting access to the goform/setSysTools endpoint until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.