CVE-2023-25234

Name of the Vulnerable Software and Affected Versions Tenda AC500 version 2.0.1.9(1307)

Description The issue is related to a buffer overflow in the fromAddressNat function of the Tenda AC500 router's firmware, which can be exploited by a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability is triggered via the entrys and mitInterface parameters.

Recommendations For Tenda AC500 version 2.0.1.9(1307), consider disabling the fromAddressNat function as a temporary workaround until a patch is available. Restrict access to the parameters entrys and mitInterface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.