CVE-2023-38937

Name of the Vulnerable Software and Affected Versions Tenda AC10 versions V1.0 V15.03.06.23 through V4.0 V16.03.10.13 Tenda AC1206 version V15.03.06.23 Tenda AC8 version V16.03.34.06 Tenda AC6 version V2.0 V15.03.06.23 Tenda AC7 version V1.0 V15.03.06.44 Tenda AC5 version V1.0 V15.03.06.28 Tenda AC9 version V3.0 V15.03.06.42 multi

Description The issue is related to a stack overflow in the formSetVirtualSer() function when handling the list parameter, potentially allowing a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For Tenda AC10 versions V1.0 V15.03.06.23 through V4.0 V16.03.10.13, consider disabling the formSetVirtualSer() function until a patch is available. For Tenda AC1206 version V15.03.06.23, restrict access to the formSetVirtualSer() function to minimize the risk of exploitation. For Tenda AC8 version V16.03.34.06, avoid using the list parameter in the formSetVirtualSer() function until the issue is resolved. For Tenda AC6 version V2.0 V15.03.06.23, Tenda AC7 version V1.0 V15.03.06.44, Tenda AC5 version V1.0 V15.03.06.28, and Tenda AC9 version V3.0 V15.03.06.42 multi, apply configuration changes to limit the impact of the stack overflow vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.