| タイトル | Tenda CX12L V16.03.53.12 Stack-based Buffer Overflow |
|---|
| 説明 | During a security review of the Tenda CX12L router firmware (version V16.03.53.12), a critical buffer overflow vulnerability was identified in the Wi-Fi schedule configuration endpoint /goform/openSchedWifi.
The vulnerability exists within the setSchedWifi function. This function retrieves user-controlled parameters schedStartTime and schedEndTime via the websGetVar interface. These values are subsequently copied into a heap-allocated buffer of fixed size (25 bytes) using the unsafe strcpy function. Since there is no length validation on the input, an attacker can provide an oversized string to overflow the buffer, leading to memory corruption, Denial of Service (DoS), or potential arbitrary code execution. |
|---|
| ソース | ⚠️ https://github.com/cve-a/moist/issues/2 |
|---|
| ユーザー | moist (UID 98412) |
|---|
| 送信 | 2026年05月22日 09:44 (20 日 ago) |
|---|
| モデレーション | 2026年06月07日 16:01 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 369124 [Tenda CX12L 16.03.53.12 Wi-Fi Schedule Configuration Endpoint /goform/openSchedWifi setSchedWifi schedStartTime/schedEndTime メモリ破損] |
|---|
| ポイント | 20 |
|---|