Lilukun

**Name of the Vulnerable Software and Affected Versions** Tenda A18 Pro version 02.03.02.28 **Description** A stack-based buffer overflow exists in the `form fast setting wifi set` function located in the file `/goform/fast setting wifi set`. The issue can be exploited remotely. The exploit is publicly available. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/fast setting wifi set` file.

**Name of the Vulnerable Software and Affected Versions** Tenda A18 Pro version 02.03.02.28 **Description** A flaw exists in the `setSchedWifi` function of the `/goform/openSchedWifi` file, leading to a stack-based buffer overflow. Remote exploitation is possible. An exploit has been published. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/openSchedWifi` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda A18 Pro version 02.03.02.28 **Description** A stack-based buffer overflow exists in the `fromSetIpMacBind` function located in the `/goform/SetIpMacBind` file of the Tenda A18 Pro. Manipulation of the argument list to this function can trigger the overflow, allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda A18 Pro version 02.03.02.28 **Description** A flaw exists in the Tenda A18 Pro version 02.03.02.28 that allows remote attackers to trigger a stack-based buffer overflow. The issue is located in the `set qosMib list` function within the `/goform/formSetQosBand` file. Manipulation of the `list` argument can lead to the overflow. An exploit for this issue has been made public. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/formSetQosBand` file.

**Name of the Vulnerable Software and Affected Versions** Tenda A18 Pro version 02.03.02.28 **Description** A flaw exists in the MAC Filtering Configuration Endpoint of the Tenda A18 Pro. Specifically, the function `sub 423B50` within the file `/goform/setMacFilterCfg` is susceptible to a stack-based buffer overflow. This issue can be triggered by manipulating the `deviceList` argument, potentially allowing for remote exploitation. The vulnerability has been publicly disclosed. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the MAC Filtering feature until a patch is available.