| Title | Tenda AX1803 V1.0.0.1 Stack-based Buffer Overflow |
|---|---|
| Description | Tenda AX1803 firmware v1.0.0.1 contains a stack overflow in form_fast_setting_get via parameter wlan0.0_bss_wpapsk_key, which can cause memory corruption and enable remote code execution.<br>The form_fast_setting_wifi_set function reads the wrlPassword parameter from an HTTP POST and stores the retrieved string in the local variable pcVar2. It then invokes SetValue to write the value into the CFM service with the key "wlan0.0_bss_wpapsk_key".<br>The form_fast_setting_get function invokes GetValue with the key "wlan0.0_bss_wpapsk_key" to get the value from CFM. The value is stored in the local buffer acStack_320 without length validation. Since this value is derived from user-controlled POST input (wrlPassword), this can cause a buffer overflow and allow a remote attacker to execute arbitrary code. |
| Source | ⚠️ https://river-brow-763.notion.site/Tenda-AX1803-Buffer-Overflow-in-form_fast_setting_get-2e3a595a7aef80ec9509ce03d8cb29b6 |
| User | wlupus (UID 94367) |
| Submission | 01/10/2026 17:16 (5 months ago) |
| Moderation | 01/22/2026 08:45 (12 days later) |
| Status | Duplicate |
| VulDB entry | 342157 [Tenda AX1803 1.0.0.1 form_fast_setting_wifi_set ssid stack-based overflow] |
| Points | 0 |
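
The data flow in the description (a POST value stored under a config key, later copied into a fixed stack buffer with no length check), as an added C example that is not the firmware's code or the submitter's. The functions `cfm_set_raw`, `cfm_set_psk`, `cfm_get_unbounded` and `cfm_get_bounded`, the one-slot store and the 65-byte buffer size are hypothetical stand-ins; the example puts the unchecked read pattern beside a length-checked write and a bounded read.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the CFM key/value store: one slot, constructed. */
#define STORE_MAX 512
#define PSK_BUF   65            /* assumed size: 64-char WPA key + NUL */
static char store_val[STORE_MAX];

/* Write side with no length policy, as reported for wrlPassword. */
void cfm_set_raw(const char *val) {
    snprintf(store_val, sizeof store_val, "%s", val);
}

/* Validated write: a WPA passphrase is 8..63 chars, or exactly 64 hex digits. */
int cfm_set_psk(const char *val) {
    size_t n = strlen(val);
    if (n < 8 || n > 64) return -1;
    if (n == 64 && strspn(val, "0123456789abcdefABCDEF") != 64) return -1;
    cfm_set_raw(val);
    return 0;
}

/* Reported pattern: the caller's buffer size is never consulted.
   Shown for comparison only; nothing below calls it. */
void cfm_get_unbounded(char *dst) {
    strcpy(dst, store_val);
}

/* Bounded read: reject a value that does not fit rather than truncate it. */
int cfm_get_bounded(char *dst, size_t dstlen) {
    size_t n = strlen(store_val);
    if (dstlen == 0) return -1;
    if (n >= dstlen) { dst[0] = '\0'; return -1; }
    memcpy(dst, store_val, n + 1);
    return (int)n;
}

/* Returns 0 when both layers hold: oversized input is refused at write time,
   and an oversized value already in the store is refused at read time. */
int demo(void) {
    char long_in[201], buf[PSK_BUF];
    memset(long_in, 'A', 200); long_in[200] = '\0';   /* constructed input */
    if (cfm_set_psk(long_in) != -1) return 1;
    cfm_set_raw(long_in);          /* simulate a value stored before the fix */
    if (cfm_get_bounded(buf, sizeof buf) != -1) return 2;
    if (cfm_set_psk("correct horse") != 0) return 3;
    if (cfm_get_bounded(buf, sizeof buf) != 13) return 4;
    return strcmp(buf, "correct horse") != 0;
}

int main(void) { printf("demo -> %d\n", demo()); return 0; }
```

Checking on the read side as well as the write side matters because a value written before validation was added, or through another path into the same store, is still present when the getter runs.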