CVE-2021-45391

Name of the Vulnerable Software and Affected Versions Tenda Router AX12 version V22.03.01.21 CN

Description A Buffer Overflow issue exists in the sub 422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, causing a Denial of Service.

Recommendations For Tenda Router AX12 version V22.03.01.21 CN, as a temporary workaround, consider disabling the sub 422CE4 function in the /usr/sbin/httpd binary file until a patch is available. Restrict access to the goform/setIPv6Status endpoint to minimize the risk of exploitation. Avoid using the conType parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.