| Titel | Tenda AC7 V15.03.06.44 Buffer Overflow |
|---|
| Beschreibung | The router AC7_V15.03.06.44 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary stack overflow vulnerability located in the function formSetSchedLed. This function accepts the parameter time from wp through a post request to time_interval, and then calls the strtok function twice for extraction. The extracted result is passed into the function mib2utc without any check, which may cause the buffer ali_val to overflow. Attackers can exploit this vulnerability to cause a denial of service or remote code execution. |
|---|
| Quelle | ⚠️ https://github.com/zezhifu1/cve_report/blob/main/AC7/formsetschedled.md |
|---|
| Benutzer | zezhifu (UID 87457) |
|---|
| Einreichung | 06.08.2025 11:13 (vor 10 Monaten) |
|---|
| Moderieren | 14.08.2025 09:07 (8 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 320088 [Tenda AC7/AC18 15.03.05.19/15.03.06.44 /goform/SetLEDCfg formSetSchedLed Zeit Pufferüberlauf] |
|---|
| Punkte | 20 |
|---|