| Título | Tenda M3 V1.0.0.13(4903) Stack-based Buffer Overflow |
|---|
| Descrição | The formSetAdPushInfo handler in /bin/httpd is vulnerable to multiple stack overflows due to the absence of user input sanitization and bounds checking on parameters mac and terminal which can lead to corruption of data on the stack, hijacking of control flow, and DoS. The attack can be performed remotely.
The vulnerability is in the memcpy() calls with no bounds checking.
Send a POST request to the /goform/setAdPushInfo endpoint to trigger the stack overflow |
|---|
| Fonte | ⚠️ https://github.com/dwBruijn/CVEs/blob/main/Tenda/setAdPushInfo.md |
|---|
| Utilizador | dwbruijn (UID 93926) |
|---|
| Submissão | 28/12/2025 17h36 (há 4 meses) |
|---|
| Moderação | 29/12/2025 09h01 (15 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 338628 [Tenda M3 1.0.0.13(4903) /goform/setAdPushInfo formSetAdPushInfo mac/terminal Excesso de tampão] |
|---|
| Pontos | 20 |
|---|