| Title | Tenda RX9 Router RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow |
|---|
| Description | In Tenda RX9 Pro Firmware V22.03.02.20 firmware has a stack overflow vulnerability in the sub_4337EC function. This function accepts the list parameter from a POST request by Var variable and pass it to the sub_4335DC function.Within sub_4335DC, since the user has control over the input of list, the statement strcpy(v14, a1) leads to a buffer overflow. |
|---|
| Source | ⚠️ https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetNetControlList.md |
|---|
| User | GuoXB (UID 76104) |
|---|
| Submission | 10/20/2024 08:21 (2 years ago) |
|---|
| Moderation | 10/23/2024 08:07 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 281558 [Tenda RX9/RX9 Pro 22.03.02.20 SetNetControlList sub_4337EC list stack-based overflow] |
|---|
| Points | 19 |
|---|