CVE-2023-2923

Name of the Vulnerable Software and Affected Versions Tenda AC6 US AC6V1.0BR V15.03.05.19

Description A critical vulnerability was found in the function fromDhcpListClient, which leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This issue may allow an attacker to cause a denial of service or execute arbitrary code.

Recommendations For Tenda AC6 US AC6V1.0BR V15.03.05.19, as a temporary workaround, consider disabling the fromDhcpListClient function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.