| عنوان | Tenda A21 V1.0.0.0 Stack-based Buffer Overflow |
|---|
| الوصف | During a security review of the Tenda A21 router firmware (version V1.0.0.0), a critical buffer overflow vulnerability was identified in the Wi-Fi schedule configuration endpoint /goform/openSchedWifi.
The vulnerability exists within the setSchedWifi function. This function retrieves user-controlled parameters schedStartTime and schedEndTime via the websGetVar interface. These values are subsequently copied into a heap-allocated buffer of fixed size (25 bytes) using the unsafe strcpy function. Since there is no length validation on the input, an attacker can provide an oversized string to overflow the buffer, leading to memory corruption, Denial of Service (DoS), or potential arbitrary code execution. |
|---|
| المصدر | ⚠️ https://github.com/QIU-DIE/cve-nneeww/issues/4 |
|---|
| المستخدم | hhsw34 (UID 91076) |
|---|
| ارسال | 09/02/2026 12:44 PM (3 أشهر منذ) |
|---|
| الاعتدال | 20/02/2026 03:41 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 347110 [Tenda A21 1.0.0.0 /goform/openSchedWifi setSchedWifi schedStartTime/schedEndTime تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|