CVE-2023-38930

Name of the Vulnerable Software and Affected Versions Tenda AC7 version V1.0,V15.03.06.44 Tenda F1203 version V2.0.1.6 Tenda AC5 version V1.0,V15.03.06.28 Tenda AC9 version V3.0,V15.03.06.42 multi Tenda FH1205 version V2.0.0.7(775)

Description The issue is related to a stack overflow in the addWifiMacFilter() function of Tenda router firmware when processing the deviceId parameter. This can allow a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For Tenda AC7 version V1.0,V15.03.06.44, consider disabling the addWifiMacFilter() function until a patch is available. For Tenda F1203 version V2.0.1.6, restrict access to the addWifiMacFilter() function to minimize the risk of exploitation. For Tenda AC5 version V1.0,V15.03.06.28, avoid using the deviceId parameter in the affected function until the issue is resolved. For Tenda AC9 version V3.0,V15.03.06.42 multi, apply configuration changes to limit the impact of the stack overflow. For Tenda FH1205 version V2.0.0.7(775), update the firmware to a version that does not contain the vulnerable addWifiMacFilter() function, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.