CVE-2023-40896

Name of the Vulnerable Software and Affected Versions Tenda AC8 version US AC8V4.0si V16.03.34.06 cn

Description The issue is related to a stack overflow vulnerability via the parameter list and bindnum at the "/goform/SetIpMacBind" API endpoint. This vulnerability can be exploited by a remote attacker to cause a denial of service or execute arbitrary code.

Recommendations For Tenda AC8 version US AC8V4.0si V16.03.34.06 cn, as a temporary workaround, consider disabling the "/goform/SetIpMacBind" API endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the parameter list and bindnum variables in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.