CVE-2023-40891

Name of the Vulnerable Software and Affected Versions Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Zyxel CPE (affected versions not specified)

Description A stack overflow issue was discovered in Tenda AC8 via the firewallEn parameter at the "/goform/SetFirewallCfg" API endpoint. For Zyxel CPE devices, a critical vulnerability allows remote attackers to execute arbitrary commands with "supervisor" or "zyuser" privileges by sending specially crafted network requests via the telnet protocol. Over 1500 vulnerable Zyxel CPE routers have been detected, primarily in the Philippines, Turkey, the UK, and France. Although less common in Russia, these devices can still be found among small organizations, telecom operators, and private users.

Recommendations For Tenda AC8 version US AC8V4.0si V16.03.34.06 cn, consider disabling access to the "/goform/SetFirewallCfg" API endpoint until a patch is available. For Zyxel CPE devices, use firewalls to limit remote access, create a "whitelist" of IP addresses for access, and apply secure communications for remote access. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Zyxel CPE devices.