| Title | Tenda A15 V15.13.07.13 Stack-based Buffer Overflow |
|---|
| Description | In the web management interface of the Tenda A15 V15.13.07.13 router, the /cgi-bin/UploadCfg interface contains a security vulnerability when processing firmware or configuration upload requests. This flaw originates from the underlying parsing function, webCgiGetUploadFile, which fails to perform effective bounds checking on the boundary field of multipart/form-data messages.
An attacker can construct a malicious HTTP POST request containing an excessively long boundary string. When the server attempts to copy this string into a fixed-length buffer on the stack (approximately 68 bytes), it triggers a stack-based buffer overflow. |
|---|
| Source | ⚠️ https://github.com/942384053/cve/issues/3 |
|---|
| User | 942384053 (UID 94603) |
|---|
| Submission | 03/08/2026 14:23 (4 months ago) |
|---|
| Moderation | 03/22/2026 09:34 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 352404 [Tenda A15 15.13.07.13 /cgi-bin/UploadCfg File stack-based overflow] |
|---|
| Points | 20 |
|---|