CVE-2023-40845

Name of the Vulnerable Software and Affected Versions Tenda AC6 version 1.0

Description The issue concerns a buffer overflow that occurs via the function sub 34FD0. This function reads user-provided parameters and passes variables without performing any length checks, leading to the overflow.

Recommendations For version 1.0, as a temporary workaround, consider disabling the sub 34FD0 function until a patch is available. Restrict access to the module that utilizes this function to minimize the risk of exploitation. Avoid using parameters that are passed to the sub 34FD0 function in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.