CVE-2023-34566

Name of the Vulnerable Software and Affected Versions Tenda AC10 version US AC10V4.0si V16.03.10.13 cn

Description The issue is related to a stack overflow in the Tenda AC10 router's software, which can be triggered via the time parameter at the "/goform/saveParentControlInfo" API endpoint. This can potentially allow a remote attacker to execute arbitrary code.

Recommendations For Tenda AC10 version US AC10V4.0si V16.03.10.13 cn, as a temporary workaround, consider restricting access to the "/goform/saveParentControlInfo" API endpoint until a patch is available. Avoid using the time parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.