Johnathanhuutri

**Name of the Vulnerable Software and Affected Versions** Tenda AC10V4.0 version 16.03.10.20 **Description** A buffer overflow condition exists in the `fromAdvSetMacMtuWan` function within the httpd binary. This allows remote attackers to potentially cause a denial of service or even execute code. The issue is triggered by sending a crafted post request with a malicious payload in the `serviceName` field to the '/goform/AdvSetMacMtuWan' API endpoint. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the '/goform/AdvSetMacMtuWan' API endpoint until a patch is available. Restrict access to the httpd binary to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda AC10V4.0 version 16.03.10.20 **Description** A buffer overflow condition exists in the `fromAdvSetMacMtuWan` function within the bin httpd component. This can be triggered by sending a crafted POST request, specifically manipulating the `serverName` field, to the '/goform/AdvSetMacMtuWan' API endpoint. Successful exploitation may lead to a denial of service or potentially allow for code execution. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/goform/AdvSetMacMtuWan' API endpoint.