| Название | Tenda A21 V1.0.0.0 Stack-based Buffer Overflow |
|---|
| Описание | During a security review of the Tenda A21 router firmware (version V1.0.0.0), a critical stack-based buffer overflow vulnerability was identified in the device name configuration endpoint /goform/SetOnlineDevName.
The vulnerability exists in the set_device_name function, which is invoked by the formSetDeviceName handler. The handler retrieves the user-controlled devName parameter and passes it to set_device_name. Inside this function, the input string is directly used in an unsafe sprintf call to format a string into a fixed-size stack buffer s__1[256]. The code fails to validate the length of the input string before this operation. |
|---|
| Источник | ⚠️ https://github.com/QIU-DIE/cve-nneeww/issues/6 |
|---|
| Пользователь | hhsw34 (UID 91076) |
|---|
| Представление | 09.02.2026 13:04 (3 месяцы назад) |
|---|
| Модерация | 20.02.2026 18:04 (11 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 347180 [Tenda A21 1.0.0.0 /goform/SetOnlineDevName set_device_name devName повреждение памяти] |
|---|
| Баллы | 20 |
|---|