PT-2023-31221 · Tenda · Tenda Ax9

Published 2023-12-07 · Updated 2023-12-09 · CVE-2023-49431

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Tenda AX9 version V22.03.01.46

Description

A command injection vulnerability has been discovered in the mac parameter of the "/goform/SetOnlineDevName" API endpoint. It allows potential command injection attacks through that parameter.

Recommendations

For Tenda AX9 version V22.03.01.46, as a temporary workaround, consider restricting access to the "/goform/SetOnlineDevName" API endpoint to minimize the risk of exploitation. Avoid using the mac parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-49431

Affected Products

Tenda Ax9