Chenjun Ma

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 15.03.06.49 multi TDE01 **Description** A critical issue has been identified in the `fromDhcpListClient` function, which can be exploited remotely. The manipulation of the `page/listN` argument leads to a stack-based buffer overflow. This can potentially impact the confidentiality, integrity, and availability of protected information. The exploit has been disclosed publicly. **Recommendations** As a temporary workaround, consider disabling the `fromDhcpListClient` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the `page/listN` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 15.03.06.49 multi TDE01 **Description** The issue affects the `setSmartPowerManagement` function and is related to a stack-based buffer overflow caused by the manipulation of the `time` argument. This can be exploited remotely, potentially impacting the confidentiality, integrity, and availability of protected information. **Recommendations** For Tenda AC10U version 15.03.06.49 multi TDE01, as a temporary workaround, consider disabling the `setSmartPowerManagement` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the `time` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 15.03.06.49 multi TDE01 **Description** The issue is related to the function `formWifiWpsOOB` and involves a stack-based buffer overflow due to the manipulation of the `index` argument. This can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed publicly. **Recommendations** For Tenda AC10U version 15.03.06.49 multi TDE01, as a temporary workaround, consider disabling the `formWifiWpsOOB` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the `index` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 15.03.06.49 multi TDE01 **Description** A critical issue affects the `fromNatStaticSetting` function, allowing for a stack-based buffer overflow through the manipulation of the `page` argument. This can be exploited remotely, potentially impacting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed publicly. **Recommendations** For Tenda AC10U version 15.03.06.49 multi TDE01, as a temporary workaround, consider disabling the `fromNatStaticSetting` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the `page` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 15.03.06.49 multi TDE01 **Description** A critical issue has been found in the function `formSetDeviceName`, which is related to a stack-based buffer overflow due to the manipulation of the argument `devName`. This can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed to the public. **Recommendations** For Tenda AC10U version 15.03.06.49 multi TDE01, as a temporary workaround, consider disabling the `formSetDeviceName` function until a patch is available. Restrict access to the `devName` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 15.03.06.49 multi TDE01 **Description** A critical vulnerability has been found in the function `formSetVirtualSer`, which is related to a stack-based buffer overflow due to the manipulation of the argument list. This issue can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed to the public. **Recommendations** For Tenda AC10U version 15.03.06.49 multi TDE01, as a temporary workaround, consider disabling the `formSetVirtualSer` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 15.03.06.49 multi TDE01 **Description** A critical vulnerability was found in the function `formQuickIndex` of the Tenda AC10U router's firmware. The manipulation of the argument `PPPOEPassword` leads to a stack-based buffer overflow. This issue can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed to the public. **Recommendations** For Tenda AC10U version 15.03.06.49 multi TDE01, as a temporary workaround, consider disabling the `formQuickIndex` function until a patch is available. Restrict access to the `PPPOEPassword` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 15.03.06.49 multi TDE01 **Description** A critical vulnerability was found in the Tenda AC10U, affecting the function formSetPPTPServer. The manipulation of the `startIp` argument leads to a stack-based buffer overflow. This issue can be exploited remotely, potentially impacting the confidentiality, integrity, and availability of protected information. **Recommendations** For Tenda AC10U version 15.03.06.49 multi TDE01, as a temporary workaround, consider disabling the formSetPPTPServer function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the `startIp` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U versions 15.03.06.49 multi TDE01 **Description** The issue is related to a buffer overflow vulnerability in the fromAddressNat function of the Tenda AC10U router's firmware. This vulnerability can be exploited remotely, potentially allowing an attacker to impact the confidentiality, integrity, and availability of protected information. The manipulation of the `entrys/mitInterface/page` argument leads to a stack-based buffer overflow. **Recommendations** For version 15.03.06.49 multi TDE01, consider disabling the `fromAddressNat` function until a patch is available to prevent exploitation. Restrict access to the `entrys/mitInterface/page` argument in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 15.03.06.49 multi TDE01 **Description** The issue is related to a critical vulnerability in the SetWirelessRepeat function of the Tenda AC10U router's firmware, which is associated with a stack-based buffer overflow. This can be triggered by manipulating the `wpapsk crypto` argument, allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. The exploit has been disclosed publicly. **Recommendations** For Tenda AC10U version 15.03.06.49 multi TDE01, as a temporary workaround, consider disabling the `fromSetWirelessRepeat` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the `wpapsk crypto` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10U version 15.03.06.49 multi TDE01 **Description** The issue is related to a critical vulnerability affecting the `saveParentControlInfo` function, which is associated with a stack-based buffer overflow. This can be exploited remotely by manipulating the `deviceId`, `time`, or `urls` arguments, potentially impacting the confidentiality, integrity, and availability of protected information. The exploit has been disclosed publicly. **Recommendations** For Tenda AC10U version 15.03.06.49 multi TDE01, as a temporary workaround, consider disabling the `saveParentControlInfo` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using the `deviceId`, `time`, or `urls` arguments in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda A15 version 15.13.07.13 **Description** A critical issue affects the Web-based Management Interface of the Tenda A15, specifically the file `/goform/SetOnlineDevName`. The manipulation of the `devName` argument leads to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been disclosed publicly. **Recommendations** For Tenda A15 version 15.13.07.13, as a temporary workaround, consider disabling the `/goform/SetOnlineDevName` endpoint until a patch is available. Restrict access to the Web-based Management Interface to minimize the risk of exploitation. Avoid using the `devName` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda A15 version 15.13.07.13 **Description** A critical vulnerability has been found in the Web-based Management Interface of Tenda A15. The issue is related to a stack-based buffer overflow caused by the manipulation of the `mac` argument in the `/goform/SetOnlineDevName` file. This can be exploited remotely, potentially allowing an attacker to execute arbitrary code. The exploit has been disclosed publicly. **Recommendations** For Tenda A15 version 15.13.07.13, as a temporary workaround, consider restricting access to the `/goform/SetOnlineDevName` endpoint until a patch is available. Additionally, avoid using the `mac` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda A15 version 15.13.07.13 **Description** A critical issue affects the function `set repeat5` of the file `/goform/WifiExtraSet` in the Web-based Management Interface component. The manipulation of the argument `wpapsk crypto2 4g` or `wpapsk crypto5g` leads to a stack-based buffer overflow. This can be initiated remotely, allowing an attacker to potentially execute arbitrary code. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. **Recommendations** For Tenda A15 version 15.13.07.13, as a temporary workaround, consider disabling the `set repeat5` function until a patch is available. Restrict access to the `/goform/WifiExtraSet` file to minimize the risk of exploitation. Avoid using the arguments `wpapsk crypto2 4g` and `wpapsk crypto5g` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda A15 version 15.13.07.13 **Description** A critical issue affects the Web-based Management Interface of the Tenda A15, specifically an unknown part of the file /goform/setBlackRule. The manipulation of the `deviceList` argument leads to a stack-based buffer overflow. This can be initiated remotely, allowing potential execution of arbitrary code. The exploit has been disclosed publicly. **Recommendations** For Tenda A15 version 15.13.07.13, as a temporary workaround, consider restricting access to the `/goform/setBlackRule` API endpoint until a patch is available. Additionally, avoid using the `deviceList` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.