| Title | Tenda Rx9 Router RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow |
|---|---|
| Description | Tenda RX9 Pro firmware V22.03.02.20 has a stack overflow vulnerability in the `sub_424CE0` function. This function accepts the `deviceList` parameter from a POST request via the `v3` variable and passes it to the `sub_423B10` function. Within `sub_423B10`, since the user has control over the input of `deviceList`, the statement `strcpy(&31[32], a2)` leads to a buffer overflow. |
| Source | ⚠️ https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md |
| User | GuoXB (UID 76104) |
| Submission | 10/21/2024 14:44 (1 Year ago) |
| Moderation | 10/24/2024 17:34 (3 days later) |
| Status | Accepted |
| VulDB entry | 281699 [Tenda RX9 Pro 22.03.02.20 POST Request /goform/setMacFilterCfg sub_424CE0 deviceList stack-based overflow] |
| Points | 20 |