Submit #477048: tenda AC6 V15.03.05.16 Buffer Overflow

Title: tenda AC6 V15.03.05.16 Buffer Overflow

Description: Tenda AC6 Vx.x.x.x firmware is vulnerable to Buffer Overflow via function "GetParentControlInfo"

Firmware download website: https://www.tenda.com.cn/material/show/102661

In this code, strcpy is used to copy the string pointed to by src to the memory area pointed to by s at offset 2. The problems are as follows:

The target buffer size is unclear: s is allocated 0x254 bytes of memory (596 bytes), but strcpy does not check the size of the target buffer and directly copies the contents of src to the s + 2 position. If the length of the src string exceeds the memory space available after the s + 2 position, strcpy will cause a buffer overflow.

The size of src is not verified: src is obtained from sub_2B7C4(a1, "mac", &unk_EA0EC), and it is not ensured that the string does not exceed the size of the memory space after the s + 2 offset. If the length of src is too long and exceeds the memory range allocated by s, strcpy will write to the out-of-bounds memory area, causing an overflow.

Source: https://github.com/wy876/cve/issues/5
User: WY596 (UID 79884)
Submission: 01/08/2025 07:34 AM (1 month ago)
Moderation: 01/08/2025 09:41 PM (14 hours later)
Status: Accepted
VulDB Entry: 290862 [Tenda AC6 15.03.05.16 GetParentControlInfo src stack-based overflow]
Points: 20
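
The unchecked copy described above, next to a bounded replacement. This is an added example, not code from the firmware or from the report. The names copy_mac_checked, is_mac, REC_SIZE, MAC_OFFSET and MAC_STRLEN are hypothetical, and it assumes the "mac" parameter is meant to hold a 17-character colon-separated MAC address, which the report does not state.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define REC_SIZE   0x254  /* size the report gives for s (596 bytes) */
#define MAC_OFFSET 2      /* the report's copy destination is s + 2 */
#define MAC_STRLEN 17     /* assumption: "xx:xx:xx:xx:xx:xx" */

/* Pattern described in the report, shown for contrast only:
 *     strcpy(s + 2, src);    no length check on src
 */

/* Returns 1 only for exactly 17 characters of hex pairs separated by ':'.
 * Stops at the first NUL, so it never reads past the end of a short string. */
static int is_mac(const char *s)
{
    for (size_t i = 0; i < MAC_STRLEN; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '\0')
            return 0;
        if (i % 3 == 2) {
            if (c != ':')
                return 0;
        } else if (!isxdigit(c)) {
            return 0;
        }
    }
    return s[MAC_STRLEN] == '\0';
}

/* Copies src to rec + MAC_OFFSET only when it is a well-formed MAC and the
 * destination has room for it plus the terminator. Returns 0 or -1. */
int copy_mac_checked(char *rec, size_t rec_size, const char *src)
{
    if (rec == NULL || src == NULL)
        return -1;
    if (rec_size < MAC_OFFSET + MAC_STRLEN + 1)
        return -1;
    if (!is_mac(src))
        return -1;
    memcpy(rec + MAC_OFFSET, src, MAC_STRLEN + 1);  /* includes the NUL */
    return 0;
}

int main(void)
{
    char rec[REC_SIZE] = {0};
    int ok  = copy_mac_checked(rec, sizeof rec, "AA:BB:CC:DD:EE:FF");
    int bad = copy_mac_checked(rec, sizeof rec, "AA:BB:CC:DD:EE:FF:overlong");
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

Rejecting anything that is not a fixed-length MAC bounds the copy by the input's format rather than by the buffer size alone, so an oversized value is refused before any byte is written.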
