Submit #427066: Tenda RX9 Router RX9 Pro Firmware V22.03.02.10、RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflowinfo

TitleTenda RX9 Router RX9 Pro Firmware V22.03.02.10、RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow
DescriptionIn Tenda RX9 Pro Firmware V22.03.02.20 firmware has a stack overflow vulnerability in the sub_42EA38 function. The var variable receives the list parameter from a POST request. However, since the user can control the input of list, the statement if ( sscanf((int)Var, "%[^,],%[^,],%[^,],%s", v19, v18, v17, v16) == 4 ) can cause a buffer overflow. The user-provided list can exceed the capacity of the v16~v19 arrays, triggering this security vulnerability.
Source⚠️ https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md
User
 GuoXB (UID 76104)
Submission10/20/2024 08:23 (2 years ago)
Moderation10/23/2024 08:07 (3 days later)
StatusAccepted
VulDB entry281557 [Tenda RX9/RX9 Pro 22.03.02.10/22.03.02.20 SetVirtualServerCfg sub_42EA38 list stack-based overflow]
Points20

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!