CVE-2023-51094

Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.12(4856)

Description The issue is related to a Command Execution vulnerability via the TendaTelnet function. This vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary commands by sending a specially crafted HTTP request.

Recommendations For Tenda M3 version 1.0.0.12(4856), as a temporary workaround, consider disabling the TendaTelnet function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.