Submit #158024: Tenda AC6 Unauthorized stack overflow vulnerability
| Title | Tenda AC6 Unauthorized stack overflow vulnerability |
|---|---|
| Description | There is a function named "fromDhcpListClient" in the US_AC6V1.0BR_V15.03.05.19 upgrade software.The function "fromDhcpListClient" is vulnerable to a stack-based buffer overflow. When this function reads in a parameter supplied by the user, it passes the variable to the function without performing any length check, which means that the stack-based buffer could be overflowed. This vulnerability could allow an attacker to easily execute a denial-of-service attack or remote code execution with carefully crafted overflow data by accessing the page. To secure the system, input parameters should be strictly checked and filtered for length to prevent such vulnerabilities from occurring. |
| Source | ⚠️ https:/ |
| User | tianwenqi (ID 46929) |
| Submission | 05/18/2023 10:29 (12 months ago) |
| Moderation | 05/27/2023 09:05 (9 days later) |
| Accepted | Accepted |
| VulDB Entry | VDB-230077 |