CVE-2023-41559

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 1.0 V15.03.06.44 Tenda AC9 version 3.0 V15.03.06.42 multi Tenda AC5 version 1.0RTL V15.03.06.28

Description A stack overflow issue was discovered via the page parameter at the "/goform/NatStaticSetting" API endpoint. This issue affects certain Tenda router models.

Recommendations For Tenda AC7 version 1.0 V15.03.06.44, consider disabling access to the "/goform/NatStaticSetting" API endpoint until a patch is available. For Tenda AC9 version 3.0 V15.03.06.42 multi, restrict the use of the page parameter in the affected API endpoint to minimize the risk of exploitation. For Tenda AC5 version 1.0RTL V15.03.06.28, avoid using the page parameter in the "/goform/NatStaticSetting" API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.