| Title | Tenda AC9 v1.0/V3.0 V15.03.06.42_multi Stack-based Buffer Overflow |
|---|
| Description | This vulnerability will cause the device's web service to continuously restart or fail to start, and it is difficult to restore factory settings. Even if the device is restarted, the vulnerability will still be triggered.
The `formGetDdosDefenceList` function has a stack overflow vulnerability.
The `security.ddos.map` configuration field has a stack overflow vulnerability.
An attacker can tamper with the value of `security.ddos.map` in the configuration file, turning it into an overly long string, which can cause a stack overflow and crash the web service. If the string is carefully constructed, it may lead to remote code execution. |
|---|
| Source | ⚠️ https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda3.md |
|---|
| User | jfkk (UID 79868) |
|---|
| Submission | 01/31/2026 15:31 (2 months ago) |
|---|
| Moderation | 02/07/2026 18:28 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 344894 [Tenda AC9 15.03.06.42_multi formGetDdosDefenceList security.ddos.map stack-based overflow] |
|---|
| Points | 20 |
|---|