| Title | Tenda RX9 Router RX9 Pro Firmware V22.03.02.10、RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow |
|---|
| Description | In Tenda RX9 Pro Firmware V22.03.02.20 firmware has a stack overflow vulnerability in the sub_42EEE0 function. The var variable receives the list parameter from a POST request. However, since the user can control the input of list, the statement if ( sscanf((int)Var, "%[^,],%[^,],%[^,],%s", v16, v18, v19, v20) != 4 ) can cause a buffer overflow. The user-provided list can exceed the capacity of the v16~v20 arrays, triggering this security vulnerability. |
|---|
| Source | ⚠️ https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md |
|---|
| User | GuoXB (UID 76104) |
|---|
| Submission | 10/20/2024 08:22 (2 years ago) |
|---|
| Moderation | 10/23/2024 08:07 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 281556 [Tenda RX9/RX9 Pro 22.03.02.10/22.03.02.20 SetStaticRouteCfg sub_42EEE0 list stack-based overflow] |
|---|
| Points | 20 |
|---|