| Title | Tenda AC6V2.0 Tenda AC6V2.0 V15.03.06.23_multi Stack-based Buffer Overflow |
|---|
| Description | A vulnerability was determined in Tenda AC6V2.0 V15.03.06.23_multi. Specifically, the formSetQosBand CGI function passes user-supplied input from the list argument down to the internal function setQosMiblist within the httpd binary. The setQosMiblist function improperly handles this input, causing a stack-based buffer overflow. By supplying an overly long string to the list parameter via a crafted HTTP request, an attacker can overwrite the return address on the stack. This vulnerability can be exploited remotely, leading to denial of service or, potentially, arbitrary code execution with root privileges. |
|---|
| Source | ⚠️ https://github.com/Axelioc/CVE/blob/main/Tenda/AC6V2.0/setQosMiblist.md |
|---|
| User | Haaalion (UID 89556) |
|---|
| Submission | 05/31/2026 17:00 (29 days ago) |
|---|
| Moderation | 06/28/2026 20:23 (28 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 314781 [Tenda AC6 15.03.05.16 formSetQosBand list buffer overflow] |
|---|
| Points | 0 |
|---|