| 제목 | Tenda FH451 V1.0.0.9 Stack-based Buffer Overflow |
|---|
| 설명 | The router model FH451V1.0.0.9, manufactured by Shenzhen Tenda Technology Co., Ltd., contains a binary stack-based buffer overflow vulnerability located within the function frmL7ProtForm. This function receives a parameter a1 via a POST request and extracts a variable named page from it. Subsequently, the function utilizes the sprintf function to write the contents of the page variable into a buffer array v11 of size 64 bytes without performing any bounds checking. An attacker can exploit this vulnerability to cause a denial of service (DoS) condition. Furthermore, this vulnerability can be leveraged to construct a Return-Oriented Programming (ROP) chain, enabling the attacker to overwrite the return address and achieve privilege escalation or remote code execution (RCE). |
|---|
| 원천 | ⚠️ https://github.com/zezhifu1/cve_report/blob/main/FH451/frmL7ProtForm.md |
|---|
| 사용자 | zezhifu (UID 87457) |
|---|
| 제출 | 2025. 07. 08. PM 03:29 (11 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 11. PM 10:41 (3 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 316188 [Tenda FH451 1.0.0.9 HTTP POST Request /goform/L7Prot frmL7ProtForm page 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|