Ghostsuzhijian

**Name of the Vulnerable Software and Affected Versions** Tenda DAP-1520 version 1.10B04 BETA02 **Description** A critical issue has been found, affecting the `set ws action` function of the `/dws/api/` file, leading to a heap-based buffer overflow. This can be initiated remotely. **Recommendations** For Tenda DAP-1520 version 1.10B04 BETA02, as a temporary workaround, consider disabling the `set ws action` function until a patch is available. Restrict access to the `/dws/api/` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC9 version 15.03.05.14 **Description** A command injection issue was found via the Telnet function. **Recommendations** For Tenda AC9 version 15.03.05.14, consider disabling the Telnet function until a patch is available.