| Title | Tenda AX1803 V1.0.0.1 Stack-based Buffer Overflow |
|---|
| Description | Tenda AX1803 firmware v1.0.0.1 contains a stack overflow in fromGetWifiGusetBasic via parameter wlan0.3_bss_wpapsk_key, which can cause memory corruption and enable remote code execution.
The fromSetWifiGusetBasic reads the guestWrlPwd parameter from an HTTP POST. It then invokes SetValue to write the value into the CFM service with the key "wlan0.3_bss_wpapsk_key".
The fromGetWifiGusetBasic function invokes GetValue with the key "wlan0.3_bss_wpapsk_key" to get the value from CFM. The value is stored in the local buffer without length validation. Since this value is derived from user-controlled POST input (guestWrlPwd), this can cause a buffer overflow and allow a remote attacker to execute arbitrary code. |
|---|
| Source | ⚠️ https://river-brow-763.notion.site/Tenda-AX1803-Buffer-Overflow-in-fromGetWifiGusetBasic-2e3a595a7aef80a78225db34317daa40#2e3a595a7aef801ab517e4af5631227a |
|---|
| User | wlupus (UID 94367) |
|---|
| Submission | 01/10/2026 17:33 (5 months ago) |
|---|
| Moderation | 01/22/2026 08:51 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 342305 [Tenda AX1803 1.0.0.1 /goform/WifiGuestSet fromGetWifiGuestBasic stack-based overflow] |
|---|
| Points | 17 |
|---|