Ixout

**Name of the Vulnerable Software and Affected Versions** Tenda AC1206 versions up to 15.03.06.23 **Description** The issue is related to the `ate iwpriv set()` and `ate ifconfig set()` functions in the `/goform/ate` file of the Tenda AC1206 router's firmware. It allows for command injection due to inadequate data sanitization on the management level. This can be exploited by a remote attacker to execute arbitrary commands. The attack can be initiated remotely. **Recommendations** For Tenda AC1206 versions up to 15.03.06.23, restrict access to the admin interfaces and consider disabling the `ate iwpriv set()` and `ate ifconfig set()` functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.