CVE-2018-16333

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 CN Tenda AC9 version 15.03.05.19(6318) CN Tenda AC10 version 15.03.06.23 CN Tenda AC15 version 15.03.05.19 CN Tenda AC18 version 15.03.05.19(6318) CN

Description A buffer overflow issue exists in the router's web server. The problem occurs when processing the ssid parameter for a POST request. The value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.

Recommendations For Tenda AC7 version 15.03.06.44 CN, avoid using the ssid parameter in POST requests to the web server until a patch is available. For Tenda AC9 version 15.03.05.19(6318) CN, restrict access to the web server to minimize the risk of exploitation. For Tenda AC10 version 15.03.06.23 CN, consider disabling the web server functionality until a fix is provided. For Tenda AC15 version 15.03.05.19 CN, refrain from using the vulnerable web server until an update is released. For Tenda AC18 version 15.03.05.19(6318) CN, as a temporary workaround, limit the use of the ssid parameter in the web server's POST requests.