| عنوان | Tenda Tenda M3 Access Controller(M3) V1.0.0.10 Buffer Overflow |
|---|
| الوصف | A serious buffer overflow vulnerability exists in the setAdvPolicyData function of Tenda M3 V1.0.0.10 firmware, specifically in its subroutine sub_648D4. The vulnerability is caused by the following unsafe code logic:
strncpy(dest, src, v16 - src);
The copy length v16 - src is directly calculated from user-controlled input, while the program does not properly validate the actual size of the destination buffer dest. As a result, an attacker can craft malicious parameters to trigger a buffer overflow and cause denial of service (DoS) or other security impacts. |
|---|
| المصدر | ⚠️ https://github.com/Moxxkidd/CVE/issues/2 |
|---|
| المستخدم | Doma (UID 96528) |
|---|
| ارسال | 19/03/2026 03:17 PM (27 أيام منذ) |
|---|
| الاعتدال | 04/04/2026 04:26 PM (16 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 355337 [Tenda M3 1.0.0.10 Destination /goform/setAdvPolicyData policyType تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|