| 제목 | Tenda M3 V1.0.0.13(4903) Stack-based Buffer Overflow |
|---|
| 설명 | The formSetDhcpForAp handler in /bin/httpd calls formSetRemoteDhcpForAp which is vulnerable to multiple stack overflows due to the absence of user input sanitization and bounds checking on parameters startip, endip, leasetime, gateway, dns1, and dns2 which can lead to corruption of data on the stack, hijacking of control flow, and DoS. The attack can be performed remotely.
The vulnerability is in the memcpy() calls with no bounds checking.
The router must be configured with ac.workmode=master (default) for this vulnerability to be exploitable.
Send a POST request to the /goform/setDhcpAP endpoint to trigger the stack overflow in formSetRemoteDhcpForAp and we can deliver the payload using any of the 6 parameters |
|---|
| 원천 | ⚠️ https://github.com/dwBruijn/CVEs/blob/main/Tenda/setRemoteDhcpForAp.md |
|---|
| 사용자 | dwbruijn (UID 93926) |
|---|
| 제출 | 2025. 12. 28. PM 05:49 (3 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 29. AM 10:17 (16 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 338642 [Tenda M3 1.0.0.13(4903) /goform/setDhcpAP formSetRemoteDhcpForAp startip/endip/leasetime/gateway/dns1/dns2 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|