CVE-2023-40798 Information

Description

In Tenda AC23 v16.03.07.45_cn the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters resulting in a post-authentication stack overflow vulnerability.

Reference

https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/formSetIPv6status-formGetWanParameter