| Title | Tenda AC15 15.03.05.18 Memory Corruption |
|---|---|
| Description | A stack-based buffer overflow exists in the formWifiBasicSet function of the Tenda AC15 router firmware V15.03.05.18. The vulnerability is in the httpd binary which handles HTTP requests on the device. When processing a POST request to /goform/WifiBasicSet, the function reads the "security" and "security_5g" parameters via websGetVar() and copies them into 256-byte stack buffers using strcpy() with no length validation. By sending a parameter value longer than 256 bytes, an attacker can overwrite the saved return address on the stack and hijack program control flow. A full remote code execution exploit has been developed using a ROP chain (pop r3 + mov r0,sp + blx r3) to call libc system() with an attacker-controlled command string, achieving arbitrary command execution as root. The vulnerability requires LAN access and cookie-based authentication (default credentials). Proof of concept and exploit code are included in the attached archive. |
| Source | ⚠️ https://files.catbox.moe/py6j1f.zip |
| User | meshaal (UID 96796) |
| Submission | 03/25/2026 16:19 (18 days ago) |
| Moderation | 04/08/2026 18:57 (14 days later) |
| Status | Duplicate |
| VulDB entry | 206867 [Tenda AC15 15.03.05.18 httpd /goform/formWifiBasicSet stack-based overflow] |
| Points | 0 |
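
The copy pattern in the description above, next to a length-checked form of it, as an added example: this is not code from the firmware or from the submission's archive. `struct form`, `copy_param` and both `set_wifi_*` functions are hypothetical names, and the parameter values are constructed.

```c
#include <stdio.h>
#include <string.h>

#define PARAM_BUF 256  /* stack buffer size stated in the description */

/* Hypothetical request model standing in for the firmware's form lookup. */
struct form { const char *security; const char *security_5g; };

/* Pattern from the description: unbounded copy into a fixed stack buffer.
 * Shown for contrast only; nothing in this example calls it. */
void set_wifi_unbounded(const struct form *f)
{
    char sec[PARAM_BUF];
    strcpy(sec, f->security);   /* writes past sec[] once input >= 256 bytes */
}

/* Bounded copy: 0 on success, -1 if src is missing or does not fit together
 * with its NUL terminator. Rejects instead of truncating silently. */
int copy_param(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    if (src == NULL || dstsz == 0)
        return -1;
    end = memchr(src, '\0', dstsz);     /* scan at most dstsz bytes */
    if (end == NULL)
        return -1;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Checked handler: both parameters are validated before anything is used. */
int set_wifi_checked(const struct form *f, char *out, size_t outsz)
{
    char sec[PARAM_BUF], sec5g[PARAM_BUF];
    if (copy_param(sec, sizeof sec, f->security) != 0 ||
        copy_param(sec5g, sizeof sec5g, f->security_5g) != 0)
        return -1;                      /* caller answers with an error */
    snprintf(out, outsz, "%s/%s", sec, sec5g);
    return 0;
}

int main(void)
{
    char big[300 + 1], out[2 * PARAM_BUF];
    struct form f = { big, "none" };    /* constructed sample input */
    memset(big, 'A', 300); big[300] = '\0';
    printf("oversized security: %d\n", set_wifi_checked(&f, out, sizeof out));
    return 0;
}
```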