CVE-2022-37292

Name of the Vulnerable Software and Affected Versions Tenda AX12 version V22.03.01.21 CN

Description The issue is related to a Buffer Overflow that occurs in the sub 42FDE4 function. This function handles POST requests under the "/goform/SetIpMacBind" API endpoint, which is triggered by the sub 430124 upper-level interface function.

Recommendations For Tenda AX12 version V22.03.01.21 CN, as a temporary workaround, consider disabling the sub 42FDE4 function until a patch is available. Restrict access to the "/goform/SetIpMacBind" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.