Title | Tenda FH1206 V1.2.0.8(8155) buffer overflow |
---|
Description | The Tenda FH1206 V1.2.0.8(8155) has a stack overflow vulnerability located in the fromAddressNat function.The Var variable receives the entrys parameter from a POST request and is later assigned to the v6 variable. However, since the user has control over the input of entrys, the statement sprintf(v6, "%s;%s", Var, v2); leads to a buffer overflow. There is no size check, so the user-provided entrys can exceed the allocated size of the v6 array (516 bytes), thus triggering this security vulnerability. The attacker can easily perform a Deny of Service Attack or Remote Code Execution with carefully crafted overflow data. |
---|
Source | ⚠️ https://palm-vertebra-fe9.notion.site/fromAddressNat_entrys-b04d5356e5f04e30b37cb9037b94e1b2 |
---|
User | ta0lve (ID 67644) |
---|
Submission | 13/04/2024 17h38 (26 days ago) |
---|
Moderation | 20/04/2024 06h53 (7 days later) |
---|
Status | Aceite |
---|
VulDB Entry | 261671 |
---|