CVE-2022-40068

Name of the Vulnerable Software and Affected Versions Tenda AC21 version 16.03.08.15

Description The issue is related to a Buffer Overflow that can occur via the /bin/httpd, specifically in the function formSetQosBand(). This can be exploited through the API endpoint "/bin/httpd". The formSetQosBand function is the vulnerable component. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations For Tenda AC21 version 16.03.08.15, as a temporary workaround, consider disabling the formSetQosBand function until a patch is available. Restrict access to the /bin/httpd endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.