| tiêu đề | Tenda A21 V1.0.0.0 Stack-based Buffer Overflow |
|---|
| Mô tả | During a security review of the Tenda A21 router firmware (version V1.0.0.0), a critical stack-based buffer overflow vulnerability was identified in the IP-MAC binding configuration endpoint /goform/SetIpMacBind.
The vulnerability exists in the fromSetIpMacBind function. This function processes the list parameter which contains the binding rules. The function fails to validate the length of the input string before copying it into a fixed-size stack buffer s[128] using the unsafe strcpy function. Furthermore, the parsed data is passed to set_device_name, which contains additional unsafe sprintf calls, leading to multiple points of stack corruption. |
|---|
| Nguồn | ⚠️ https://github.com/QIU-DIE/cve-nneeww/issues/2 |
|---|
| Người dùng | hhsw34 (UID 91076) |
|---|
| Đệ trình | 09/02/2026 12:39 (cách đây 3 các tháng) |
|---|
| Kiểm duyệt | 20/02/2026 15:41 (11 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 347108 [Tenda A21 1.0.0.0 /goform/SetIpMacBind fromSetIpMacBind list tràn bộ đệm] |
|---|
| điểm | 20 |
|---|