CVE-2021-31755

Name of the Vulnerable Software and Affected Versions Tenda AC11 devices with firmware through 02.03.01.104 CN

Description The issue is related to a stack buffer overflow that allows attackers to execute arbitrary code on the system. This can be achieved via a crafted post request to the /goform/setmac API endpoint. The vulnerability is associated with a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code by sending POST requests.

Recommendations For Tenda AC11 devices with firmware through 02.03.01.104 CN, update the firmware to a version later than 02.03.01.104 CN to resolve the issue. As a temporary workaround, consider restricting access to the /goform/setmac API endpoint until a patch is available.