| Title | Tenda AC7 V15.03.06.44 Buffer Overflow |
|---|
| Description | The router AC7_V15.03.06.44 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary stack overflow vulnerability located in the function formSetSchedLed. This function accepts the parameter time from wp through a post request to time_interval, and then calls the strtok function twice for extraction. The extracted result is passed into the function mib2utc without any check, which may cause the buffer ali_val to overflow. Attackers can exploit this vulnerability to cause a denial of service or remote code execution. |
|---|
| Source | ⚠️ https://github.com/zezhifu1/cve_report/blob/main/AC7/formsetschedled.md |
|---|
| User | zezhifu (UID 87457) |
|---|
| Submission | 08/06/2025 11:13 (10 months ago) |
|---|
| Moderation | 08/14/2025 09:07 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 320088 [Tenda AC7/AC18 15.03.05.19/15.03.06.44 /goform/SetLEDCfg formSetSchedLed Time buffer overflow] |
|---|
| Points | 20 |
|---|