Wy596

**Name of the Vulnerable Software and Affected Versions** Tenda AC6 version 15.03.05.16 **Description** A critical issue has been found in the function `GetParentControlInfo` of the file "/goform/GetParentControlInfo". The manipulation of the argument `src` leads to a stack-based buffer overflow. It is possible to launch the attack remotely. **Recommendations** For Tenda AC6 version 15.03.05.16, as a temporary workaround, consider disabling the `GetParentControlInfo` function until a patch is available. Restrict access to the "/goform/GetParentControlInfo" endpoint to minimize the risk of exploitation. Avoid using the `src` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.