| 제목 | Tenda AC15 15.03.05.18 Memory Corruption |
|---|
| 설명 | A stack-based buffer overflow exists in the fromSysToolChangePwd function of the Tenda AC15 router firmware V15.03.05.18. When processing a POST request to /goform/SysToolChangePwd, the function reads the oldPwd, newPwd, and cfmPwd parameters via websGetVar() without length restriction. These values are compared against a 64-byte stack buffer using strcmp and passed to further processing functions. An attacker can send oversized password values to overflow the stack buffer, crashing the httpd service or potentially achieving remote code execution. The vulnerability requires LAN access and cookie-based authentication. Proof of concept included in the attached archive. |
|---|
| 원천 | ⚠️ https://files.catbox.moe/xrk8jb.zip |
|---|
| 사용자 | meshaal (UID 96796) |
|---|
| 제출 | 2026. 03. 25. PM 08:00 (22 날 ago) |
|---|
| 모더레이션 | 2026. 04. 08. PM 06:58 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 356277 [Tenda AC15 15.03.05.18 /goform/SysToolChangePwd websGetVar oldPwd/newPwd/cfmPwd 메모리 손상] |
|---|
| 포인트들 | 17 |
|---|