A vulnerability, which was classified as critical, has been found in Tenda AX9 22.03.01.46. Affected by this issue is some unknown functionality of the file /goform/SetOnlineDevName. The manipulation of the argument mac leads to command injection.

This vulnerability is handled as CVE-2023-49431. The attack can only be done within the local network. There is no exploit available.