PT-2023-4220 · Tenda · Tenda Fh1202+1

Published: 2023-07-10 · Updated: 2025-01-06 · CVE-2023-37712

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Tenda AC1206 version 15.03.06.23
Tenda F1202 version 1.2.0.20(408)
Tenda FH1202 version 1.2.0.20(408)

Description

A stack-based buffer overflow in the firmware of the affected devices, triggered through the page parameter of the fromSetIpBind function, can allow a remote attacker to execute arbitrary code.

Recommendations

For Tenda AC1206 version 15.03.06.23, consider disabling the fromSetIpBind function until a patch is available.
For Tenda F1202 version 1.2.0.20(408), restrict access to the page parameter in the affected function to minimize the risk of exploitation.
For Tenda FH1202 version 1.2.0.20(408), avoid using the page parameter in the fromSetIpBind function until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-04535
CVE-2023-37712

Affected Products

Tenda Ac1206
Tenda Fh1202