CVE-2023-47455

Name of the Vulnerable Software and Affected Versions Tenda AX1806 version 1.0.0.1

Description The issue is related to a heap overflow in the setSchedWifi function. This occurs because the src and v12 variables are directly obtained from HTTP request parameters schedStartTime and schedEndTime without checking their size. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For Tenda AX1806 version 1.0.0.1, as a temporary workaround, consider disabling the setSchedWifi function until a patch is available. Restrict access to the schedStartTime and schedEndTime parameters in the affected HTTP endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.