| tiêu đề | Tenda AC10 V4 US_AC10V4.0si_V16.03.10.10_multi_TDE01 Stack-based Buffer Overflow |
|---|
| Mô tả | A stack-based buffer overflow vulnerability exists in the fromSysToolChangePwd function (0x004b428c) in /bin/httpd of Tenda AC10 V4 firmware V16.03.10.10. A 36-byte stack buffer (local_2c) is used as the destination for GetValue("sys.userpass", local_2c) without bounds checking. The saved return address is reachable with approximately 48 bytes of overflow. If an oversized value is stored in the sys.userpass NVRAM key via another attack vector, the saved return address can be overwritten enabling arbitrary code execution. The binary lacks stack canaries and PIE protection. |
|---|
| Nguồn | ⚠️ https://github.com/somanyerrors/tenda-ac10v4-vulnerabilities/blob/main/findings/CRITICAL-04-stackoverflow-fromsystoolchangepwd.md |
|---|
| Người dùng | CoreNode (UID 96566) |
|---|
| Đệ trình | 18/03/2026 16:32 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 04/04/2026 15:28 (17 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 355312 [Tenda AC10 16.03.10.10_multi_TDE01 /bin/httpd fromSysToolChangePwd sys.userpass tràn bộ đệm] |
|---|
| điểm | 20 |
|---|