Gd@Hillstone

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.12(4856) **Description** The issue is related to a stack overflow via the `fromSetLocalVlanInfo` function, which can allow a remote attacker to execute arbitrary code by exploiting a buffer overflow in memory. **Recommendations** For Tenda M3 version 1.0.0.12(4856), consider disabling the `fromSetLocalVlanInfo` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.12(4856) **Description** A stack overflow issue was discovered via the function `formGetWeiXinConfig`. **Recommendations** For Tenda M3 version 1.0.0.12(4856), as a temporary workaround, consider disabling the `formGetWeiXinConfig` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.12(4856) **Description** A stack overflow issue was discovered via the `upgrade` function. **Recommendations** For Tenda M3 version 1.0.0.12(4856), consider disabling the `upgrade` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tenda W9 version 1.0.0.7(4456) CN **Description** A command injection issue was discovered via the `formGetDiagnoseInfo` function. **Recommendations** For Tenda W9 version 1.0.0.7(4456) CN, consider disabling the `formGetDiagnoseInfo` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tenda W9 version 1.0.0.7(4456) CN **Description** The issue is related to a stack overflow in the `formWifiMacFilterSet` function, which can lead to a buffer overflow in memory. This can potentially allow a remote attacker to execute arbitrary code. **Recommendations** For Tenda W9 version 1.0.0.7(4456) CN, as a temporary workaround, consider disabling the `formWifiMacFilterSet` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.12(4856) **Description** The issue is related to a stack overflow via the `formDelWlRfPolicy` function, which can allow a remote attacker to execute arbitrary commands. This is due to a buffer overflow in the `formDelWlRfPolicy` function of the Tenda M3 network access controller firmware. **Recommendations** For Tenda M3 version 1.0.0.12(4856), as a temporary workaround, consider disabling the `formDelWlRfPolicy` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W9 version 1.0.0.7(4456) CN **Description** The issue is related to a stack overflow vulnerability in the `formSetUplinkInfo` function of the Tenda W9 wireless access point's firmware, allowing an attacker to execute arbitrary code remotely by exploiting the buffer overflow in memory. **Recommendations** For Tenda W9 version 1.0.0.7(4456) CN, consider disabling the `formSetUplinkInfo` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tenda W9 version 1.0.0.7(4456) CN **Description** A command injection issue exists due to the lack of neutralization of special elements in the `formexeCommand` function. This could allow a remote attacker to execute arbitrary code. **Recommendations** For Tenda W9 version 1.0.0.7(4456) CN, as a temporary workaround, consider disabling the `formexeCommand` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W9 version 1.0.0.7(4456) CN **Description** The issue exists due to the lack of neutralization of special elements in the `formSetDiagnoseInfo` function of the Tenda W9 wireless access point's firmware. This can allow a remote attacker to execute arbitrary code. The vulnerability is a command injection issue via the `formSetDiagnoseInfo` function. **Recommendations** For Tenda W9 version 1.0.0.7(4456) CN, as a temporary workaround, consider disabling the `formSetDiagnoseInfo` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W9 version 1.0.0.7(4456) CN **Description** The issue is related to a stack overflow in the `formSetAutoPing` function, which can allow an attacker to execute arbitrary code. This is due to a buffer overflow vulnerability in the Tenda W9 wireless access point's firmware. **Recommendations** For Tenda W9 version 1.0.0.7(4456) CN, as a temporary workaround, consider disabling the `formSetAutoPing` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda M3 version 1.0.0.12(4856) **Description** The issue is related to a stack overflow via the `R7WebsSecurityHandler` function, which can allow a remote attacker to execute arbitrary code. This is due to a buffer overflow vulnerability in the memory. **Recommendations** For Tenda M3 version 1.0.0.12(4856), consider disabling the `R7WebsSecurityHandler` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W30E version 16.01.0.12(4843) **Description** A stack overflow issue was discovered via the function `formRebootMeshNode()`. **Recommendations** For Tenda W30E version 16.01.0.12(4843), as a temporary workaround, consider disabling the `formRebootMeshNode()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tenda W30E version 16.01.0.12(4843) **Description** A stack overflow issue was discovered via the function formResetMeshNode. **Recommendations** For Tenda W30E version 16.01.0.12(4843), as a temporary workaround, consider disabling the formResetMeshNode function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W30E version 16.01.0.12(4843) **Description** A stack overflow issue was discovered via the function `formUpgradeMeshOnline()`. **Recommendations** For Tenda W30E version 16.01.0.12(4843), consider disabling the `formUpgradeMeshOnline()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tenda W30E version 16.01.0.12(4843) **Description** A stack overflow issue was discovered via the function `localMsg()`. **Recommendations** For Tenda W30E version 16.01.0.12(4843), consider disabling the `localMsg()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W30E version 16.01.0.12(4843) **Description** A stack overflow issue was discovered via the `UploadCfg` function. **Recommendations** For Tenda W30E version 16.01.0.12(4843), consider disabling the `UploadCfg` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AX3 version 16.03.12.11 **Description** A stack overflow issue was discovered via the function `set device name()`. **Recommendations** For Tenda AX3 version 16.03.12.11, consider disabling the `set device name()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tenda W30E version 16.01.0.12(4843) **Description** A stack overflow issue was discovered via the `set wan status` function. **Recommendations** For Tenda W30E version 16.01.0.12(4843), as a temporary workaround, consider disabling the `set wan status` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W30E version 16.01.0.12(4843) **Description** The issue is related to a stack overflow vulnerability. It occurs via the function `formDeleteMeshNode()`. **Recommendations** For Tenda W30E version 16.01.0.12(4843), as a temporary workaround, consider disabling the `formDeleteMeshNode()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W30E version 16.01.0.12(4843) **Description** The issue is related to a command injection vulnerability via the `setUmountUSBPartition` function. This vulnerability may allow a remote attacker to execute arbitrary commands. The vulnerability is also described as a buffer overflow issue in the Tenda W30E Wi-Fi router's firmware, which can be exploited to achieve remote code execution. **Recommendations** For version 16.01.0.12(4843), consider disabling the `setUmountUSBPartition` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.