K3Vg3N

**Name of the Vulnerable Software and Affected Versions** Tenda TDSEE App versions 1.7.12 and earlier **Description** A vulnerability was found in the Tenda TDSEE App, affecting an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. This leads to improper restriction of excessive authentication attempts. The attack can be launched remotely, but the complexity of an attack is rather high, and the exploitation appears to be difficult. **Recommendations** For Tenda TDSEE App versions 1.7.12 and earlier, upgrade to version 1.7.15 to address this issue.

**Name of the Vulnerable Software and Affected Versions** Tenda CP3 version 11.10.00.2311090948 **Description** A critical issue has been found, affecting the function `sub F3C8C` of the file `apollo`, leading to command injection. The attack can be launched remotely. **Recommendations** For Tenda CP3 version 11.10.00.2311090948, consider disabling the `sub F3C8C` function as a temporary workaround until a patch is available. Restrict access to the `apollo` file to minimize the risk of exploitation.