| 제목 | Tenda M3 V1.0.0.13(4903) Stack-based Buffer Overflow |
|---|
| 설명 | The formSetVlanInfo handler in /bin/httpd calls formSetRemoteVlanInfo (under certain conditions) which is vulnerable to multiple stack overflows due to the complete absence of user input sanitization and bounds checking on parameters ID, vlan, and port which can lead to corruption of data on the stack, hijacking of control flow, and DoS. The attack can be performed remotely.
The vulnerability is in the memcpy() calls with no bounds checking.
The following conditions must be satisfied for this vulnerability to be exploitable:
✅ 1. Router configured with ac.workmode=master
✅ 2. HTTP request includes Cookie header
✅ 3. Cookie contains devUid parameter
✅ 4. devUid format: devUid=IP:PORT;
✅ 5. IP must be valid dotted-quad format (xxx.xxx.xxx.xxx)
Send a POST request to the /goform/setVlanInfo endpoint to trigger the stack overflow in formSetRemoteVlanInfo |
|---|
| 원천 | ⚠️ https://github.com/dwBruijn/CVEs/blob/main/Tenda/setRemoteVlanInfo.md |
|---|
| 사용자 | dwbruijn (UID 93926) |
|---|
| 제출 | 2025. 12. 28. PM 05:31 (3 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 29. AM 09:01 (15 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 338627 [Tenda M3 1.0.0.13(4903) /goform/setVlanInfo formSetRemoteVlanInfo ID/vlan/port 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|