CVE-2023-23080

Name of the Vulnerable Software and Affected Versions Tenda CP7 versions V11.10.00.2211041403 and earlier Tenda CP3 v.10 versions V20220906024 2025 and earlier Tenda IT7-PCS versions V2209020914 and earlier Tenda IT7-LCS versions V2209020914 and earlier Tenda IT7-PRS versions V2209020908 and earlier

Description The issue is related to command injection, which can allow a remote attacker to execute arbitrary commands. This is due to the lack of data cleaning measures at the management level.

Recommendations For Tenda CP7 versions V11.10.00.2211041403 and earlier, update to a version later than V11.10.00.2211041403. For Tenda CP3 v.10 versions V20220906024 2025 and earlier, update to a version later than V20220906024 2025. For Tenda IT7-PCS versions V2209020914 and earlier, update to a version later than V2209020914. For Tenda IT7-LCS versions V2209020914 and earlier, update to a version later than V2209020914. For Tenda IT7-PRS versions V2209020908 and earlier, update to a version later than V2209020908. As a temporary workaround, consider restricting access to the affected devices until a patch is available.