| Название | Tenda M3 V1.0.0.13(4903) Stack-based Buffer Overflow |
|---|
| Описание | The formSetDhcpForAp handler in /bin/httpd calls formSetRemoteDhcpForAp which is vulnerable to multiple stack overflows due to the absence of user input sanitization and bounds checking on parameters startip, endip, leasetime, gateway, dns1, and dns2 which can lead to corruption of data on the stack, hijacking of control flow, and DoS. The attack can be performed remotely.
The vulnerability is in the memcpy() calls with no bounds checking.
The router must be configured with ac.workmode=master (default) for this vulnerability to be exploitable.
Send a POST request to the /goform/setDhcpAP endpoint to trigger the stack overflow in formSetRemoteDhcpForAp and we can deliver the payload using any of the 6 parameters |
|---|
| Источник | ⚠️ https://github.com/dwBruijn/CVEs/blob/main/Tenda/setRemoteDhcpForAp.md |
|---|
| Пользователь | dwbruijn (UID 93926) |
|---|
| Представление | 28.12.2025 17:49 (3 месяцы назад) |
|---|
| Модерация | 29.12.2025 10:17 (16 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 338642 [Tenda M3 1.0.0.13(4903) /goform/setDhcpAP formSetRemoteDhcpForAp startip/endip/leasetime/gateway/dns1/dns2 повреждение памяти] |
|---|
| Баллы | 20 |
|---|