提出 #773671: Tenda A18pro V02.03.02.28 Stack-based Buffer Overflow情報

タイトルTenda A18pro V02.03.02.28 Stack-based Buffer Overflow
説明During a security review of the Tenda A18pro router firmware (version V02.03.02.28), a critical stack-based buffer overflow vulnerability was identified in the IP-MAC binding configuration endpoint /goform/SetIpMacBind. The vulnerability exists in the fromSetIpMacBind function. This function processes the list parameter which contains the binding rules. The function fails to validate the length of the input string before copying it into a fixed-size stack buffer s[128] using the unsafe strcpy function. Furthermore, the parsed data is passed to set_device_name, which contains additional unsafe sprintf calls, leading to multiple points of stack corruption.
ソース⚠️ https://github.com/lilukun337/cve/issues/3
ユーザー
 lilukun (UID 96162)
送信2026年03月06日 06:59 (5 月 ago)
モデレーション2026年03月20日 09:33 (14 days later)
ステータス承諾済み
VulDBエントリ352017 [Tenda A18 Pro 02.03.02.28 /goform/SetIpMacBind fromSetIpMacBind list メモリ破損]
ポイント20

Do you want to use VulDB in your project?

Use the official API to access entries easily!