| タイトル | Tenda W12 V3.0.0.7(4763) Stack-based Buffer Overflow |
|---|
| 説明 | ## Basic Information
- Vendor: Tenda
- Product: W12
- Firmware Version: V3.0.0.7(4763)
- Firmware Release Date: 2026-03-04
## Vulnerability Overview
A stack overflow vulnerability exists in the `cgistaKickOff` function of the `/bin/httpd` binary in Tenda W12 V3.0.0.7(4763). An attacker can remotely trigger the vulnerability by sending a specially crafted request.
## Detailed Analysis
During request parsing, the program does not properly validate the `staMac` field. When the supplied value exceeds 32 bytes, it can overflow the `form_mac` field on the stack.
PoC request
```
{
"staKickOff": {
"ssidIndex": "0",
"radio": "2.4G",
"staMac": "A" * 0x2000
}
}
```
## Impact
- Stack Overflow
- May lead to:
- Device crash (DoS)
- Potential remote code execution (RCE) |
|---|
| ソース | ⚠️ http://cdn2.v50to.cc/Tenda%20W12%20cgistaKickOff%20overflow.zip |
|---|
| ユーザー | CookedMelon (UID 52513) |
|---|
| 送信 | 2026年05月06日 08:27 (29 日 ago) |
|---|
| モデレーション | 2026年05月30日 18:47 (24 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 367469 [Tenda W12 3.0.0.7(4763) /bin/httpd cgistaKickOff staMac メモリ破損] |
|---|
| ポイント | 17 |
|---|