CVE-2023-49406

Name of the Vulnerable Software and Affected Versions Tenda W30E version 16.01.0.12(4843)

Description The issue is related to a Command Execution vulnerability via the /goform/telnet function. This vulnerability is associated with the failure to neutralize special elements when processing the /goform/telnet request, which can allow a remote attacker to execute arbitrary commands.

Recommendations For Tenda W30E version 16.01.0.12(4843), as a temporary workaround, consider disabling the /goform/telnet function until a patch is available. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.