CVE-2022-40866

Name of the Vulnerable Software and Affected Versions Tenda W20E router version 15.11.0.6

Description The issue is a stack overflow vulnerability in the formSetDebugCfg function, which is triggered by the request "/goform/setDebugCfg/". This vulnerability can be exploited, but details about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited are not provided.

Recommendations For Tenda W20E router version 15.11.0.6, consider disabling the formSetDebugCfg function as a temporary workaround until a patch is available. Restrict access to the "/goform/setDebugCfg/" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.