إرسال #782299: Tenda AC10 V4 US_AC10V4.0si_V16.03.10.10_multi_TDE01 Stack-based Buffer Overflowالمعلومات

عنوانTenda AC10 V4 US_AC10V4.0si_V16.03.10.10_multi_TDE01 Stack-based Buffer Overflow
الوصفStatic analysis of /bin/httpd in Tenda AC10 V4 firmware V16.03.10.10 identified 229 call sites to GetValue() which reads NVRAM values into caller-provided buffers without length validation. Multiple goform handlers use fixed-size stack buffers of 16 to 64 bytes as destinations including fromSysToolChangePwd (36 bytes), formSetMacFilterCfg (32 bytes), formGetIPv6status, formWanParameterSetting, formWifiBasicSet, and fromAdvSetLanip. The absence of stack canaries and fixed binary addresses make exploitation of any vulnerable call site reliable.
المصدر⚠️ https://github.com/somanyerrors/tenda-ac10v4-vulnerabilities/blob/main/findings/HIGH-01-getvalue-229-callers.md
المستخدم
 CoreNode (UID 96566)
ارسال18/03/2026 04:35 PM (1 شهر منذ)
الاعتدال04/04/2026 03:28 PM (17 days later)
الحالةتمت الموافقة
إدخال VulDB355314 [Tenda AC10 16.03.10.10_multi_TDE01 /bin/httpd fromSysToolChangePwd تلف الذاكرة]
النقاط20

التالي نظرة عامة السابق

Do you know our Splunk app?

Download it now for free!