| Title | Tenda M3 V1.0.0.13(4903) Heap-based Buffer Overflow |
|---|
| Description | The formSetInternetLanInfo handler in /bin/httpd calls formSetRemoteInternetLanInfo (under certain conditions) which is vulnerable to multiple heap overflows due to the complete absence of user input sanitization and bounds checking on parameters portIp, portMask, portGateWay, portDns, and portSecDns.
The vulnerability is in the memcpy() calls with no bounds checking.
The router must be configured with ac.workmode=master (default) for this vulnerability to be exploitable.
Send a crafted POST request to the /goform/setInternetLanInfo endpoint to trigger the heap overflow in formSetRemoteInternetLanInfo |
|---|
| Source | ⚠️ https://github.com/dwBruijn/CVEs/blob/main/Tenda/setRemoteInternetLanInfo.md |
|---|
| User | dwbruijn (UID 93926) |
|---|
| Submission | 12/28/2025 17:46 (3 months ago) |
|---|
| Moderation | 12/29/2025 09:01 (15 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 338630 [Tenda M3 1.0.0.13(4903) setInternetLanInfo formSetRemoteInternetLanInfo portIp/portMask/portGateWay/portDns/portSecDns heap-based overflow] |
|---|
| Points | 20 |
|---|