| Title | Tenda A21 V1.0.0.0 Stack-based Buffer Overflow |
|---|---|
| Description | During a security review of the Tenda A21 router firmware (version V1.0.0.0), a critical stack-based buffer overflow vulnerability was identified in the device name configuration endpoint /goform/SetOnlineDevName. The vulnerability exists in the set_device_name function, which is invoked by the formSetDeviceName handler. The handler retrieves the user-controlled devName parameter and passes it to set_device_name. Inside this function, the input string is directly used in an unsafe sprintf call to format a string into a fixed-size stack buffer s__1[256]. The code fails to validate the length of the input string before this operation. |
| Source | ⚠️ https://github.com/QIU-DIE/cve-nneeww/issues/6 |
| User | hhsw34 (UID 91076) |
| Submission | 09/02/2026 01:04 PM (3 months ago) |
| Moderation | 20/02/2026 06:04 PM (11 days later) |
| Status | Accepted |
| VulDB Entry | 347180 [Tenda A21 1.0.0.0 /goform/SetOnlineDevName set_device_name devName memory corruption] |
| Points | 20 |
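
The length validation the description reports as missing, shown as an added C example (not the firmware's code and not from the reporter). The format string `NAME_FMT` and the names `format_device_name` and `demo` are hypothetical; only the 256-byte buffer size and the devName parameter come from the entry above.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 256            /* size reported for s__1 in the entry */
#define NAME_FMT      "devName=%s"   /* hypothetical: real format string is not shown */

/*
 * Format dev_name into out (capacity out_size) with a bounded write.
 * Returns 0 on success, -1 if the input is missing or the formatted
 * result (including its terminating NUL) would not fit in out.
 */
int format_device_name(char *out, size_t out_size, const char *dev_name)
{
    int n;

    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (dev_name == NULL)
        return -1;

    /* snprintf never writes past out_size and returns the length it needed. */
    n = snprintf(out, out_size, NAME_FMT, dev_name);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';   /* reject instead of storing a truncated name */
        return -1;
    }
    return 0;
}

/* Constructed inputs: 1 if a short name is accepted and a 1023-byte one is rejected. */
int demo(void)
{
    char buf[NAME_BUF_SIZE];
    char long_name[1024];

    memset(long_name, 'A', sizeof(long_name) - 1);
    long_name[sizeof(long_name) - 1] = '\0';

    if (format_device_name(buf, sizeof(buf), "living-room-extender") != 0)
        return 0;
    return format_device_name(buf, sizeof(buf), long_name) == -1 && buf[0] == '\0';
}

int main(void)
{
    printf("oversized devName rejected: %s\n", demo() ? "yes" : "no");
    return 0;
}
```

A caller in the request handler would return an error response when the function returns -1 rather than continuing with an empty name.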