CVE-2023-37717

Name of the Vulnerable Software and Affected Versions Tenda F1202 version V1.0BR V1.2.0.20(408) Tenda FH1202 version V1.2.0.19 EN Tenda AC10 version V1.0 Tenda AC1206 version V1.0 Tenda AC7 version V1.0 Tenda AC5 version V1.0 Tenda AC9 version V3.0

Description The issue is related to a stack overflow in the page parameter in the fromDhcpListClient() function. This can be exploited by a remote attacker to execute arbitrary code or cause a denial of service by sending a specially crafted request.

Recommendations For Tenda F1202 version V1.0BR V1.2.0.20(408), consider disabling the fromDhcpListClient() function until a patch is available. For Tenda FH1202 version V1.2.0.19 EN, consider disabling the fromDhcpListClient() function until a patch is available. For Tenda AC10 version V1.0, consider disabling the fromDhcpListClient() function until a patch is available. For Tenda AC1206 version V1.0, consider disabling the fromDhcpListClient() function until a patch is available. For Tenda AC7 version V1.0, consider disabling the fromDhcpListClient() function until a patch is available. For Tenda AC5 version V1.0, consider disabling the fromDhcpListClient() function until a patch is available. For Tenda AC9 version V3.0, consider disabling the fromDhcpListClient() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.