| Title | Tenda M3 V1.0.0.13(4903) Heap-based Buffer Overflow |
|---|---|
| Description | The formSetVlanPolicy handler in /bin/httpd is vulnerable to heap overflow due to the absence of user input sanitization and bounds checking on parameter qvlan_truck_port. The vulnerability is in the memcpy() call performed using parameter qvlan_truck_port controlled by the user with no bounds checking. Send a POST request to the /goform/setVlanPolicyData endpoint to trigger the heap overflow in formSetVlanPolicy. |
| Source | https://github.com/dwBruijn/CVEs/blob/main/Tenda/setVlanPolicy.md |
| User | dwbruijn (UID 93926) |
| Submission | 12/28/2025 17:26 (4 months ago) |
| Moderation | 12/29/2025 09:01 (16 hours later) |
| Status | Accepted |
| VulDB entry | 338626 [Tenda M3 1.0.0.13(4903) setVlanPolicyData formSetVlanPolicy qvlan_truck_port heap-based overflow] |
| Points | 20 |