CVE-2021-45991

Name of the Vulnerable Software and Affected Versions Tenda routers G1 and G3 version 15.11.0.17(9502) CN

Description A stack overflow was discovered in the function formAddVpnUsers, allowing attackers to cause a Denial of Service (DoS) via the vpnUsers parameter.

Recommendations For Tenda routers G1 and G3 version 15.11.0.17(9502) CN, as a temporary workaround, consider disabling the formAddVpnUsers function until a patch is available. Restrict access to the vpnUsers parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.