Tenda · Tenda Ac9 · CVE-2020-20746
Name of the Vulnerable Software and Affected Versions:
Tenda AC9 version V15.03.06.60 EN
Description:
A stack-based buffer overflow in the httpd server allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to "/goform/SetStaticRouteCfg".
Recommendations:
For Tenda AC9 version V15.03.06.60 EN, as a temporary workaround, consider restricting access to the "/goform/SetStaticRouteCfg" endpoint until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.