CVE-2023-4744

Name of the Vulnerable Software and Affected Versions Tenda AC8 version 16.03.34.06 cn TDC01

Description A critical vulnerability was found in the function formSetDeviceName(), which leads to a stack-based buffer overflow. This issue can be exploited remotely, potentially allowing an attacker to execute arbitrary code, elevate privileges, or cause a denial of service by sending a specially crafted data packet. The exploit has been disclosed to the public.

Recommendations As a temporary workaround, consider disabling the formSetDeviceName() function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.