| Title | Tenda CH22 V1.0.0.1 Stack-based Buffer Overflow |
|---|---|
| Description | During a white-box security audit of the Tenda CH22 router, a critical buffer overflow vulnerability was identified in the '/goform/AdvSetWrlsafeset' endpoint. The function 'formWrlsafeset()' associated with this endpoint improperly handles user input, specifically the 'mit_ssid_index' parameter. By submitting an oversized value for this parameter, attackers can cause the 'sprintf' function to overflow the local buffer 'v27', which has a maximum capacity of 448 bytes. This vulnerability affects firmware version V1.0.0.1 and requires no authentication to exploit, significantly increasing its severity. Since the attack vector is exposed via a web-accessible endpoint, it can be easily exploited through automated scripts or specially crafted HTTP requests. Immediate mitigation is necessary, such as input length validation, use of secure string-handling functions like 'snprintf', and firmware updates to patch the vulnerability. Users are strongly advised to update the device firmware or isolate vulnerable devices from untrusted networks. |
| Source | ⚠️ https://github.com/Sxxxw/cve/issues/2 |
| User | Sxxxw (UID 89241) |
| Submission | 2025-09-30 12:02 (7 months ago) |
| Moderation | 2025-10-07 13:05 (7 days later) |
| Status | Accepted |
| VulDB entry | 327354 [Tenda CH22 up to 1.0.0.1 HTTP Request /goform/AdvSetWrlsafeset formWrlsafeset mit_ssid_index memory corruption] |
| Points | 20 |