| عنوان | Tenda A18pro V02.03.02.28 Stack-based Buffer Overflow |
|---|
| الوصف | During a security review of the Tenda A18pro router firmware (version V02.03.02.28), a critical stack-based buffer overflow vulnerability was identified in the IP-MAC binding configuration endpoint /goform/SetIpMacBind.
The vulnerability exists in the fromSetIpMacBind function. This function processes the list parameter which contains the binding rules. The function fails to validate the length of the input string before copying it into a fixed-size stack buffer s[128] using the unsafe strcpy function. Furthermore, the parsed data is passed to set_device_name, which contains additional unsafe sprintf calls, leading to multiple points of stack corruption. |
|---|
| المصدر | ⚠️ https://github.com/lilukun337/cve/issues/3 |
|---|
| المستخدم | lilukun (UID 96162) |
|---|
| ارسال | 06/03/2026 06:59 AM (1 شهر منذ) |
|---|
| الاعتدال | 20/03/2026 09:33 AM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 352017 [Tenda A18 Pro 02.03.02.28 /goform/SetIpMacBind fromSetIpMacBind list تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|