Tenda · Tenda Ac18 · CVE-2022-31446
**Name of the Vulnerable Software and Affected Versions**
Tenda AC18 router versions V15.03.05.05 through V15.03.05.19
**Description**
A remote code execution (RCE) issue was discovered via the `Mac` parameter at the "ip/goform/WriteFacMac" endpoint. This allows for potential exploitation.
**Recommendations**
For versions V15.03.05.05 through V15.03.05.19, consider disabling access to the "ip/goform/WriteFacMac" endpoint until a patch is available.
Restrict the use of the `Mac` parameter in the affected endpoint to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.