CVE-2023-49999

Name of the Vulnerable Software and Affected Versions Tenda W30E version 16.01.0.12(4843)

Description The issue is related to a command injection vulnerability via the setUmountUSBPartition function. This vulnerability may allow a remote attacker to execute arbitrary commands. The vulnerability is also described as a buffer overflow issue in the Tenda W30E Wi-Fi router's firmware, which can be exploited to achieve remote code execution.

Recommendations For version 16.01.0.12(4843), consider disabling the setUmountUSBPartition function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.