CVE-2023-49409

Name of the Vulnerable Software and Affected Versions Tenda AX3 version V16.03.12.11

Description The issue is related to a Command Execution vulnerability in the Tenda AX3 Wi-Fi router's firmware, specifically via the /goform/telnet function. This vulnerability is due to the lack of measures to neutralize special elements when processing the /goform/telnet request. Exploitation of this issue can allow a remote attacker to execute arbitrary commands.

Recommendations For Tenda AX3 version V16.03.12.11, as a temporary workaround, consider disabling the /goform/telnet function until a patch is available. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.