Simple exploit for CVE-2020-13393 for the Tenda AC15 on firmware V15.03.05.18_multi.
This exploit was developed as an exercise using EMUX, no guarantee that it works on a real device. Check out our blog post on its development here.
The vulnerability is a stack overflow on the time parameter of the saveParentControlInfo endpoint. Note that the affected endpoint normally requires authentication, but you can abuse CVE-2021-44971 to bypass it.
The repo also contains a decompiled version of the saveParentControlInfo function.