Syuvi

**Name of the Vulnerable Software and Affected Versions** Tenda RX3 version 16.03.13.11 **Description** A critical issue has been found, affecting the `formSetDeviceName` function of the file `/goform/SetOnlineDevName`. The manipulation of the `devName` argument leads to a stack-based buffer overflow. This issue can be exploited remotely. **Recommendations** For Tenda RX3 version 16.03.13.11, as a temporary workaround, consider disabling the `formSetDeviceName` function until a patch is available. Restrict access to the `/goform/SetOnlineDevName` endpoint to minimize the risk of exploitation. Avoid using the `devName` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.