| Title | Tenda AC7 <= Firmware v1.0_v15.03.06.44 RCE |
|---|
| Description | Vulnerability level: High risk (RCE)
Affected version: Firmware version <= Firmware v1.0_v15.03.06.44
Through the /bin/httpd binary file, we can find the formSetMacFilterCfg function.
The webGetVar program is used to obtain parameters. The parameters of deviceList are directly parsed without any detection
Continue to follow up, the final parameter will be passed to parse_macfilter_rule, strcpy can overflow here to control the return address, here we construct the rop chain to execute system('/bin/sh'), and finally successfully getshell, the attacker can remotely attack |
|---|
| Source | ⚠️ https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda_AC7%20V1.0_V15.03.06.44%20has%20a%20stack%20overflow%20vulnerability%20in%20parse_macfilter_rule.md |
|---|
| User | liuchangwei (UID 86561) |
|---|
| Submission | 07/20/2025 17:46 (11 months ago) |
|---|
| Moderation | 07/22/2025 09:16 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 317220 [Tenda AC7 15.03.06.44 httpd /goform/setMacFilterCfg formSetMacFilterCfg deviceList stack-based overflow] |
|---|
| Points | 20 |
|---|