CVE-2023-24332

Name of the Vulnerable Software and Affected Versions Tenda AC6 version US AC6V5.0re V03.03.02.01 cn TDC01

Description A stack overflow issue allows attackers to run arbitrary commands via a crafted POST request to "/goform/PowerSaveSet". This can be exploited by sending a specifically designed request to the mentioned endpoint.

Recommendations For Tenda AC6 version US AC6V5.0re V03.03.02.01 cn TDC01, as a temporary workaround, consider restricting access to the "/goform/PowerSaveSet" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.