| عنوان | Tenda AC15 15.03.05.18 Memory Corruption |
|---|
| الوصف | A stack-based buffer overflow exists in the fromSysToolChangePwd function of the Tenda AC15 router firmware V15.03.05.18. When processing a POST request to /goform/SysToolChangePwd, the function reads the oldPwd, newPwd, and cfmPwd parameters via websGetVar() without length restriction. These values are compared against a 64-byte stack buffer using strcmp and passed to further processing functions. An attacker can send oversized password values to overflow the stack buffer, crashing the httpd service or potentially achieving remote code execution. The vulnerability requires LAN access and cookie-based authentication. Proof of concept included in the attached archive. |
|---|
| المصدر | ⚠️ https://files.catbox.moe/xrk8jb.zip |
|---|
| المستخدم | meshaal (UID 96796) |
|---|
| ارسال | 25/03/2026 08:00 PM (28 أيام منذ) |
|---|
| الاعتدال | 08/04/2026 06:58 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 356277 [Tenda AC15 15.03.05.18 /goform/SysToolChangePwd websGetVar oldPwd/newPwd/cfmPwd تلف الذاكرة] |
|---|
| النقاط | 17 |
|---|