Submit #725493: Tenda M3 V1.0.0.13(4903) Stack-based Buffer Overflow

Information

Title: Tenda M3 V1.0.0.13(4903) Stack-based Buffer Overflow

Description: The formSetVlanInfo handler in /bin/httpd calls formSetRemoteVlanInfo (under certain conditions) which is vulnerable to multiple stack overflows due to the complete absence of user input sanitization and bounds checking on parameters ID, vlan, and port which can lead to corruption of data on the stack, hijacking of control flow, and DoS. The attack can be performed remotely. The vulnerability is in the memcpy() calls with no bounds checking.

The following conditions must be satisfied for this vulnerability to be exploitable:

✅ 1. Router configured with ac.workmode=master
✅ 2. HTTP request includes Cookie header
✅ 3. Cookie contains devUid parameter
✅ 4. devUid format: devUid=IP:PORT;
✅ 5. IP must be valid dotted-quad format (xxx.xxx.xxx.xxx)

Send a POST request to the /goform/setVlanInfo endpoint to trigger the stack overflow in formSetRemoteVlanInfo

Source: https://github.com/dwBruijn/CVEs/blob/main/Tenda/setRemoteVlanInfo.md
User: dwbruijn (UID 93926)
Submission: 28.12.2025 17:31 (4 months ago)
Moderation: 29.12.2025 09:01 (15 hours later)
Status: Accepted
VulDB entry: 338627 [Tenda M3 1.0.0.13(4903) /goform/setVlanInfo formSetRemoteVlanInfo ID/vlan/port memory corruption]
Points: 20
