| tiêu đề | Tenda W6-S V1.0.0.4(510) Stack-based Buffer Overflow |
|---|
| Mô tả | The R7websSsecurityHandler component in /bin/httpd is vulnerable to a pre-authentication stack overflow via the cookie header which allows a remote attacker to hijack execution flow or cause DoS.
The vulnerability exists in the R7websSecurityHandler function, specifically the part responsible for parsing the cookie header and that code runs before any authentication or session checks.
The vulnerable sscanf call parses everything in the user cookie value until ";" thus overflowing the buffer.
To exploit this, all we need to do is send a request with a crafted cookie header to any endpoint. |
|---|
| Nguồn | ⚠️ https://github.com/dwBruijn/CVEs/blob/main/Tenda/R7WebsSecurityHandler.md |
|---|
| Người dùng | dwbruijn (UID 93926) |
|---|
| Đệ trình | 28/12/2025 18:04 (cách đây 4 các tháng) |
|---|
| Kiểm duyệt | 29/12/2025 10:20 (16 hours later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 338645 [Tenda W6-S 1.0.0.4(510) R7websSsecurityHandler /bin/httpd Cookie tràn bộ đệm] |
|---|
| điểm | 20 |
|---|