L1Ziang

**Name of the Vulnerable Software and Affected Versions** Tenda A301 version 15.13.08.12 multi TDE01 **Description** A critical issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument `deviceList` leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Tenda A301 version 15.13.08.12 multi TDE01, as a temporary workaround, consider disabling the function formAddMacfilterRule until a patch is available. Restrict access to the file /goform/setBlackRule to minimize the risk of exploitation. Avoid using the argument `deviceList` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.