The-Itach1

**Name of the Vulnerable Software and Affected Versions** Tenda AX12 version V22.03.01.21 CN **Description** The issue is related to a command injection vulnerability. This vulnerability can be exploited via the `/goform/setMacFilterCfg` function. **Recommendations** For Tenda AX12 version V22.03.01.21 CN, as a temporary workaround, consider disabling the `setMacFilterCfg` function until a patch is available. Restrict access to the `/goform/setMacFilterCfg` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AX12 version 22.03.01.21 CN **Description** A stack overflow issue was discovered via the `ssid` parameter at the "/goform/fast setting wifi set" API endpoint. **Recommendations** For Tenda AX12 version 22.03.01.21 CN, avoid using the `ssid` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "/goform/fast setting wifi set" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AX12 version V22.03.01.21 CN **Description** The issue is related to a Cross-Site Request Forgery (CSRF) that can be exploited via the "/goform/SysToolRestoreSet" API endpoint. This allows an attacker to perform unauthorized actions on the affected system. **Recommendations** For Tenda AX12 version V22.03.01.21 CN, as a temporary workaround, consider restricting access to the "/goform/SysToolRestoreSet" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tenda AX12 version V22.03.01.16 cn **Description** The issue is related to command injection via the `goform/fast setting internet set` API endpoint. This allows for potential malicious commands to be executed. **Recommendations** For Tenda AX12 version V22.03.01.16 cn, as a temporary workaround, consider restricting access to the `goform/fast setting internet set` API endpoint until a patch is available. Avoid using this endpoint in untrusted environments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AX12 version V22.03.01.21 CN **Description** The issue is related to a Buffer Overflow that occurs in the `sub 42FDE4` function. This function handles POST requests under the "/goform/SetIpMacBind" API endpoint, which is triggered by the `sub 430124` upper-level interface function. **Recommendations** For Tenda AX12 version V22.03.01.21 CN, as a temporary workaround, consider disabling the `sub 42FDE4` function until a patch is available. Restrict access to the "/goform/SetIpMacBind" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.