CVE-2020-20746

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version V15.03.06.60 EN

Description: A stack-based buffer overflow in the httpd server allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to "/goform/SetStaticRouteCfg".

Recommendations: For Tenda AC9 version V15.03.06.60 EN, as a temporary workaround, consider restricting access to the "/goform/SetStaticRouteCfg" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.