A vulnerability was found in Tenda AX9 22.03.01.46. It has been declared as critical. This vulnerability affects unknown code of the file /goform/SetNetControlList. The manipulation of the argument list leads to command injection.
This vulnerability was named CVE-2023-49436. The attack needs to be initiated within the local network. There is no exploit available.