| Название | Tenda A18pro V02.03.02.28 Stack-based Buffer Overflow |
|---|
| Описание | During a security review of the Tenda A18pro router firmware (version V02.03.02.28), a critical buffer overflow vulnerability was identified in the Wi-Fi schedule configuration endpoint /goform/openSchedWifi.
The vulnerability exists within the setSchedWifi function. This function retrieves user-controlled parameters schedStartTime and schedEndTime via the websGetVar interface. These values are subsequently copied into a heap-allocated buffer of fixed size (25 bytes) using the unsafe strcpy function. Since there is no length validation on the input, an attacker can provide an oversized string to overflow the buffer, leading to memory corruption, Denial of Service (DoS), or potential arbitrary code execution. |
|---|
| Источник | ⚠️ https://github.com/lilukun337/cve/issues/2 |
|---|
| Пользователь | lilukun (UID 96162) |
|---|
| Представление | 06.03.2026 06:55 (1 месяц назад) |
|---|
| Модерация | 20.03.2026 09:33 (14 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 352016 [Tenda A18 Pro 02.03.02.28 /goform/openSchedWifi setSchedWifi повреждение памяти] |
|---|
| Баллы | 20 |
|---|