Digitalandrew

**Name of the Vulnerable Software and Affected Versions** Tenda AC8 versions through 16.03.50.11 **Description** A weakness exists in the Tenda AC8. This issue affects the `doSystemCmd` function within the `/goform/SysToolChangePwd` file of the HTTP Endpoint component. Manipulation of the `local 2c` argument leads to a stack-based buffer overflow. The attack can be initiated remotely. A public exploit is available. **Recommendations** Versions through 16.03.50.11 should be updated to a newer, fixed version when available. As a temporary workaround, consider restricting access to the `/goform/SysToolChangePwd` file or disabling the `doSystemCmd` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tenda AC8 version 16.03.50.11 **Description** A security issue exists in Tenda AC8 version 16.03.50.11. The issue affects the `route set user policy rule` function within the `/cgi-bin/UploadCfg` file of the Web Interface component. Manipulation of the `wans.policy.list1` argument can lead to operating system command injection. The attack can be launched remotely. An exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC8 version 16.03.50.11 **Description** A flaw exists in the IPv6 Handler component of the software, specifically within the `check is ipv6` function. This issue allows for authentication bypass by relying on IP address manipulation. The attack can be initiated remotely. It is estimated that over 50 million Tenda routers are potentially affected. A public proof-of-concept (PoC) exploit is available. The vulnerability involves IPv6 spoofing. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the IPv6 Handler component until a patch is available.