| Título | Tenda M3 V1.0.0.13(4903) Heap-based Buffer Overflow |
|---|
| Descrição | The formSetAdInfoDetail handler in /bin/httpd is vulnerable to multiple heap overflows due to the absence of user input sanitization and bounds checking on parameters adName, smsPassword, smsAccount, weixinAccount, weixinName, smsSignature, adRedirectUrl, adCopyRight, smsContent, and adItemUID.
The malloc() call allocates the heap block where the overflows take place and the memcpy() calls trigger the overflow of the allocated buffer.
Send a POST request to the /goform/setAdInfoDetail endpoint to trigger the heap overflow in formSetAdInfoDetails |
|---|
| Fonte | ⚠️ https://github.com/dwBruijn/CVEs/blob/main/Tenda/setAdInfoDetail.md |
|---|
| Utilizador | dwbruijn (UID 93926) |
|---|
| Submissão | 28/12/2025 17h40 (há 3 meses) |
|---|
| Moderação | 29/12/2025 09h01 (15 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 338629 [Tenda M3 1.0.0.13(4903) /goform/setAdInfoDetail formSetAdInfoDetails Excesso de tampão] |
|---|
| Pontos | 20 |
|---|