| 제목 | Tenda AC9 v1.0/V3.0 V15.03.06.42_multi Stack-based Buffer Overflow |
|---|
| 설명 | A stack-based buffer overflow vulnerability exists in the Tenda AC9 router. The vulnerability is located in the `formGetRebootTimer` function of the web service component. When processing the configuration items `sys.schedulereboot.start_time` and `sys.schedulereboot.end_time`, the program fails to perform proper bounds checking and directly copies the configuration values into stack buffers via the `GetValue` function. An attacker can tamper with these configuration fields and set them to excessively long strings to trigger a stack overflow, which may cause the web service to crash or continuously restart. In severe cases, this vulnerability could potentially lead to remote code execution.
|
|---|
| 원천 | ⚠️ https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda4.md |
|---|
| 사용자 | jfkk (UID 79868) |
|---|
| 제출 | 2026. 01. 31. PM 03:34 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 07. PM 06:28 (7 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 344895 [Tenda AC9 15.03.06.42_multi formGetRebootTimer 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|