Xiaobye_Tw

Name of the Vulnerable Software and Affected Versions: Ameba-AIoT ameba-arduino-d versions prior to 3.1.9 ameba-rtos-d versions prior to commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a Description: A heap-based buffer overflow exists in the WLAN driver defragment function due to a lack of validation of the size of fragmented Wi-Fi frames. Recommendations: Update Ameba-AIoT ameba-arduino-d to version 3.1.9 or later. Update ameba-rtos-d to commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a or later.

**Name of the Vulnerable Software and Affected Versions** Tenda TX9 V1 version 22.03.02.54 Tenda AX3 V3 version 16.03.12.11 Tenda AX9 V1 version 22.03.01.46 Tenda AX12 V1 version 22.03.01.46 **Description** An access control issue in /usr/sbin/httpd allows attackers to bypass authentication on any endpoint via a crafted URL. **Recommendations** For Tenda TX9 V1 version 22.03.02.54, update to a version that fixes the access control issue. For Tenda AX3 V3 version 16.03.12.11, update to a version that fixes the access control issue. For Tenda AX9 V1 version 22.03.01.46, update to a version that fixes the access control issue. For Tenda AX12 V1 version 22.03.01.46, update to a version that fixes the access control issue. As a temporary workaround, consider restricting access to the /usr/sbin/httpd endpoint until a patch is available.