Korey0Sh1

**Name of the Vulnerable Software and Affected Versions** Tenda AX3 version 16.03.12.11 **Description** The issue is a stack buffer overflow that allows attackers to cause a Denial of Service (DoS) via the `ssid` parameter. This occurs at the `form fast setting wifi set` function. **Recommendations** For Tenda AX3 version 16.03.12.11, as a temporary workaround, consider restricting access to the `form fast setting wifi set` function until a patch is available. Avoid using the `ssid` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK T10 v2 version 5.9c.5061 B20200511 **Description** The issue is a stack-based buffer overflow in the `setWiFiWpsConfig` function, located in `/lib/cste modules/wps.so`. Attackers can exploit this by sending crafted data in an MQTT packet, specifically via the `pin` parameter, to control the return address and execute code. **Recommendations** For TOTOLINK T10 v2 version 5.9c.5061 B20200511, as a temporary workaround, consider restricting access to the `setWiFiWpsConfig` function in `/lib/cste modules/wps.so` to minimize the risk of exploitation. Avoid using the `pin` parameter in the affected MQTT packet until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TOTOLINK T10 v2 version 5.9c.5061 B20200511 **Description** The issue is a stack-based buffer overflow in the `setStaticDhcpConfig` function located in `/lib/cste modules/lan.so`. Attackers can exploit this by sending crafted data in an MQTT packet, specifically via the `comment` parameter, to control the return address and potentially execute code. **Recommendations** For TOTOLINK T10 v2 version 5.9c.5061 B20200511, as a temporary workaround, consider restricting access to the `setStaticDhcpConfig` function in `/lib/cste modules/lan.so` to minimize the risk of exploitation. Avoid using the `comment` parameter in MQTT packets until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.