CVE-2023-33669

Name of the Vulnerable Software and Affected Versions Tenda AC8 versions prior to V4.0-V16.03.34.06

Description The issue is related to a buffer overflow in the sub 44db3c() function when handling the timeZone parameter. This can be exploited by a remote attacker to execute arbitrary code or cause a denial of service by sending a specially crafted POST request.

Recommendations For versions prior to V4.0-V16.03.34.06, as a temporary workaround, consider restricting access to the sub 44db3c() function until a patch is available. Avoid using the timeZone parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.