CVE-2023-38940

Name of the Vulnerable Software and Affected Versions Tenda F1203 version 2.0.1.6 Tenda FH1203 version 2.0.1.6 Tenda FH1205 version 2.0.0.7(775)

Description The issue is related to a stack overflow in the form fast setting wifi set function, which can be exploited via the ssid parameter. This allows a remote attacker to execute arbitrary code. The vulnerability is associated with a buffer overflow in the memory.

Recommendations For Tenda F1203 version 2.0.1.6, consider disabling the form fast setting wifi set function until a patch is available. For Tenda FH1203 version 2.0.1.6, restrict access to the ssid parameter in the affected function to minimize the risk of exploitation. For Tenda FH1205 version 2.0.0.7(775), avoid using the ssid parameter in the form fast setting wifi set function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.