| Title | Tenda W12 V3.0.0.7(4763) stack |
|---|
| Description | # Stack Overflow Vulnerability in the `cgiSysTimeInfoSet` Function of Tenda W12
## Basic Information
- Vendor: Tenda
- Product: W12
- Firmware Version: V3.0.0.7(4763)
- Firmware Release Date: 2026-03-04
## Vulnerability Overview
A stack overflow vulnerability exists in the `cgiSysTimeInfoSet` function of the `/bin/httpd` binary in Tenda W12 V3.0.0.7(4763). An attacker can remotely trigger the vulnerability by sending a specially crafted request.
## Detailed Analysis
The program parses the `time` field inside the `cgiSysTimeInfoSet` function. During parsing, an overflow can occur when processing the `sec` variable.
PoC request
```
{
"sysTimeInfoSet": {
"type": "manual",
"time": "2026-04-26-12-00-"+"A"*0x1000
}
}
```
## Impact
- Stack Overflow
- May lead to:
  - Device crash (DoS)
  - Potential remote code execution (RCE)
|
|---|
| Source | ⚠️ http://cdn2.v50to.cc/cgiSysTimeInfoSet_overflow.zip |
|---|
| User | CookedMelon (UID 52513) |
|---|
| Submission | 06/05/2026 08:34 AM (1 month ago) |
|---|
| Moderation | 30/05/2026 06:47 PM (24 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 367470 [Tenda W12 3.0.0.7(4763) /bin/httpd cgiSysTimeInfoSet sec buffer overflow] |
|---|
| Points | 17 |
|---|
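
A defensive illustration of the `time` field parsing described in the Detailed Analysis, added here and not taken from the Tenda firmware or the submission: a C parser that converts each component in place with per-field digit limits instead of copying substrings into fixed stack buffers. The six-field `YYYY-MM-DD-hh-mm-ss` layout is inferred from the PoC value; `parse_manual_time`, `struct manual_time` and the range limits are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical names: the firmware's own parsing code is not shown on the page. */
#define TIME_FIELDS  6    /* year, month, day, hour, minute, second (assumed layout) */
#define TIME_MAX_LEN 19   /* strlen("YYYY-MM-DD-hh-mm-ss") */

struct manual_time { int v[TIME_FIELDS]; };

/* Returns 0 on success, -1 if the string is over-long or malformed. */
int parse_manual_time(const char *s, struct manual_time *out)
{
    static const int max_digits[TIME_FIELDS] = {4, 2, 2, 2, 2, 2};
    static const int lo[TIME_FIELDS] = {1970, 1, 1, 0, 0, 0};   /* assumed ranges */
    static const int hi[TIME_FIELDS] = {2099, 12, 31, 23, 59, 59};

    if (s == NULL || out == NULL)
        return -1;
    /* Reject over-long input up front: the terminator must appear within
     * the first TIME_MAX_LEN + 1 bytes, and memchr stops at the first match. */
    if (memchr(s, '\0', TIME_MAX_LEN + 1) == NULL)
        return -1;

    for (int f = 0; f < TIME_FIELDS; f++) {
        int digits = 0, val = 0;
        /* Convert digits in place; no substring is copied to a local buffer. */
        while (isdigit((unsigned char)*s)) {
            if (++digits > max_digits[f])
                return -1;
            val = val * 10 + (*s++ - '0');
        }
        if (digits == 0 || val < lo[f] || val > hi[f])
            return -1;
        /* Fields are separated by '-', and nothing may follow the last one. */
        if (*s != (f == TIME_FIELDS - 1 ? '\0' : '-'))
            return -1;
        if (*s == '-')
            s++;
        out->v[f] = val;
    }
    return 0;
}
```

Because the seconds component is limited to two digits and the whole string to 19 bytes, a `time` value with a long trailing run is rejected before any field is stored.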