Ming Yuan

**Name of the Vulnerable Software and Affected Versions** Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN **Description** A buffer overflow issue exists in the router's web server, specifically in the httpd. The problem arises when processing the `ntpServer` parameter for a post request. The value of this parameter is directly used in a strcpy to a local variable on the stack, which overrides the return address of the function. **Recommendations** For Tenda AC7 version 15.03.06.44 CN, avoid using the `ntpServer` parameter in post requests until a patch is available. For Tenda AC9 version 15.03.05.19(6318) CN, restrict access to the httpd web server to minimize the risk of exploitation. For Tenda AC10 version 15.03.06.23 CN, consider disabling the httpd service temporarily as a workaround. For Tenda AC15 version 15.03.05.19 CN, refrain from using the vulnerable httpd web server until the issue is resolved. For Tenda AC18 version 15.03.05.19(6318) CN, as a temporary measure, limit the use of the `ntpServer` parameter in the affected post request endpoint.

**Name of the Vulnerable Software and Affected Versions** Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN **Description** A heap-based buffer overflow issue exists in the router's web server, specifically in the httpd. The issue arises when processing the `mac` parameter for a post request, as its value is directly used in a strcpy to a variable on the heap. This can potentially leak sensitive information or hijack program control flow. **Recommendations** For Tenda AC7 version 15.03.06.44 CN, consider restricting access to the httpd service until a patch is available. For Tenda AC9 version 15.03.05.19(6318) CN, avoid using the `mac` parameter in post requests to the httpd service until the issue is resolved. For Tenda AC10 version 15.03.06.23 CN, restrict access to the vulnerable httpd service to minimize the risk of exploitation. For Tenda AC15 version 15.03.05.19 CN, consider disabling the httpd service temporarily as a workaround. For Tenda AC18 version 15.03.05.19(6318) CN, limit the use of the `mac` parameter in the httpd service to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN **Description** A buffer overflow issue exists in the router's web server, specifically in the httpd. The problem arises when processing the `startIp` and `endIp` parameters for a post request. Each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. **Recommendations** For Tenda AC7 version 15.03.06.44 CN, update the firmware to a version that addresses the buffer overflow vulnerability in the httpd web server. For Tenda AC9 version 15.03.05.19(6318) CN, update the firmware to a version that addresses the buffer overflow vulnerability in the httpd web server. For Tenda AC10 version 15.03.06.23 CN, update the firmware to a version that addresses the buffer overflow vulnerability in the httpd web server. For Tenda AC15 version 15.03.05.19 CN, update the firmware to a version that addresses the buffer overflow vulnerability in the httpd web server. For Tenda AC18 version 15.03.05.19(6318) CN, update the firmware to a version that addresses the buffer overflow vulnerability in the httpd web server. As a temporary workaround, consider restricting access to the httpd web server until a patch is available. Avoid using the `startIp` and `endIp` parameters in post requests to the vulnerable web server until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN **Description** A buffer overflow issue exists in the router's web server, specifically in the httpd. The problem arises when processing the `deviceMac` parameter for a post request. The value of this parameter is directly used in a sprintf to a local variable on the stack, which overrides the return address of the function. **Recommendations** For Tenda AC7 version 15.03.06.44 CN, avoid using the `deviceMac` parameter in post requests to the httpd web server until a patch is available. For Tenda AC9 version 15.03.05.19(6318) CN, restrict access to the httpd web server to minimize the risk of exploitation. For Tenda AC10 version 15.03.06.23 CN, consider disabling the httpd web server temporarily until a fix is provided. For Tenda AC15 version 15.03.05.19 CN, refrain from using the vulnerable httpd web server until an update is released. For Tenda AC18 version 15.03.05.19(6318) CN, as a temporary workaround, limit the use of the `deviceMac` parameter in the httpd web server.

**Name of the Vulnerable Software and Affected Versions** Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN **Description** A buffer overflow issue exists in the router's web server, specifically in the httpd. The problem arises when processing the `deviceList` parameter for a post request. The value of this parameter is directly used in a strcpy to a local variable on the stack, which overrides the return address of the function. **Recommendations** For Tenda AC7 version 15.03.06.44 CN, update the firmware to a version that addresses this issue. For Tenda AC9 version 15.03.05.19(6318) CN, update the firmware to a version that addresses this issue. For Tenda AC10 version 15.03.06.23 CN, update the firmware to a version that addresses this issue. For Tenda AC15 version 15.03.05.19 CN, update the firmware to a version that addresses this issue. For Tenda AC18 version 15.03.05.19(6318) CN, update the firmware to a version that addresses this issue. As a temporary workaround, consider restricting access to the httpd service until a patch is available. Avoid using the `deviceList` parameter in post requests to the affected router's web server until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tenda AC9 version 15.03.05.19(6318) CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN **Description** An issue allows remote code execution via shell metacharacters in the `usbName` field to the ` fastcall` function with a POST request. **Recommendations** For Tenda AC9 version 15.03.05.19(6318) CN, avoid using the `usbName` field in the affected API endpoint until the issue is resolved. For Tenda AC15 version 15.03.05.19 CN, restrict access to the ` fastcall` function to minimize the risk of exploitation. For Tenda AC18 version 15.03.05.19(6318) CN, consider disabling the ` fastcall` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN **Description** A buffer overflow issue exists in the router's web server. The problem occurs when processing the `ssid` parameter for a POST request. The value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. **Recommendations** For Tenda AC7 version 15.03.06.44 CN, avoid using the `ssid` parameter in POST requests to the web server until a patch is available. For Tenda AC9 version 15.03.05.19(6318) CN, restrict access to the web server to minimize the risk of exploitation. For Tenda AC10 version 15.03.06.23 CN, consider disabling the web server functionality until a fix is provided. For Tenda AC15 version 15.03.05.19 CN, refrain from using the vulnerable web server until an update is released. For Tenda AC18 version 15.03.05.19(6318) CN, as a temporary workaround, limit the use of the `ssid` parameter in the web server's POST requests.

**Name of the Vulnerable Software and Affected Versions** Tenda AC7 versions through V15.03.06.44 CN Tenda AC9 versions through V15.03.05.19(6318) CN Tenda AC10 versions through V15.03.06.23 CN **Description** The issue is related to a Stack-based Buffer Overflow that can be triggered by sending a long `limitSpeed` or `limitSpeedup` parameter to an unspecified `/goform` URI. **Recommendations** For Tenda AC7 versions through V15.03.06.44 CN, avoid using the `limitSpeed` or `limitSpeedup` parameters in the affected API endpoint until the issue is resolved. For Tenda AC9 versions through V15.03.05.19(6318) CN, restrict access to the `/goform` URI to minimize the risk of exploitation. For Tenda AC10 versions through V15.03.06.23 CN, consider disabling the functionality that processes the `limitSpeed` and `limitSpeedup` parameters until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHICOMM K2(PSG1218) devices versions V22.5.11.5 and earlier **Description** The issue allows unauthenticated remote code execution via a request to an unspecified ASP script. Alternatively, an attacker can leverage unauthenticated access to this script to trigger a reboot via an `ifType=reboot` action. **Recommendations** For PHICOMM K2(PSG1218) devices versions V22.5.11.5 and earlier, consider restricting access to the unspecified ASP script until a patch is available. As a temporary workaround, avoid using the `ifType=reboot` action in the affected script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.