| Titel | Tenda AC9 v1.0/V3.0 V15.03.06.42_multi Stack-based Buffer Overflow |
|---|
| Beschreibung | A stack-based buffer overflow vulnerability exists in the Tenda AC9 router. The vulnerability is located in the `formGetRebootTimer` function of the web service component. When processing the configuration items `sys.schedulereboot.start_time` and `sys.schedulereboot.end_time`, the program fails to perform proper bounds checking and directly copies the configuration values into stack buffers via the `GetValue` function. An attacker can tamper with these configuration fields and set them to excessively long strings to trigger a stack overflow, which may cause the web service to crash or continuously restart. In severe cases, this vulnerability could potentially lead to remote code execution.
|
|---|
| Quelle | ⚠️ https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda4.md |
|---|
| Benutzer | jfkk (UID 79868) |
|---|
| Einreichung | 31.01.2026 15:34 (vor 3 Monaten) |
|---|
| Moderieren | 07.02.2026 18:28 (7 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 344895 [Tenda AC9 15.03.06.42_multi formGetRebootTimer Pufferüberlauf] |
|---|
| Punkte | 20 |
|---|